Snap for 7910331 from 9f93ca1b743d3f5169cde447d6c6fccd9eca45aa to mainline-neuralnetworks-release
Change-Id: Ie9d22ca70acd7634548615998a28e7a3c4690ab6
diff --git a/server/Android.bp b/server/Android.bp
index 9d51d02..18042ae 100644
--- a/server/Android.bp
+++ b/server/Android.bp
@@ -7,150 +7,6 @@
default_applicable_licenses: ["system_netd_license"],
}
-java_library {
- name: "netd_aidl_interface-lateststable-java",
- sdk_version: "system_current",
- min_sdk_version: "29",
- static_libs: [
- "netd_aidl_interface-V6-java",
- ],
- apex_available: [
- "//apex_available:platform", // used from services.net
- "com.android.bluetooth.updatable",
- "com.android.tethering",
- "com.android.wifi",
- ],
-}
-
-cc_library_static {
- name: "netd_event_listener_interface-lateststable-ndk_platform",
- whole_static_libs: [
- "netd_event_listener_interface-V1-ndk_platform",
- ],
- apex_available: [
- "com.android.resolv",
- ],
- min_sdk_version: "29",
-}
-
-cc_library_static {
- name: "netd_aidl_interface-lateststable-ndk_platform",
- whole_static_libs: [
- // TODO: bump V6 when DNS resolver no longer automerges to mainline-prod. This is not
- // currently possible because compiling against deprecated methods generates a warning,
- // and the DnsResolver tests compile against lateststable-ndk_platform and use -Werror.
- // Those tests cannot be updated to call the new method because the DnsResolver code
- // automerges to mainline-prod, which does not have the new method.
- "netd_aidl_interface-V5-ndk_platform",
- ],
- apex_available: [
- "com.android.resolv",
- ],
- min_sdk_version: "29",
-}
-
-cc_library_static {
- name: "netd_aidl_interface-lateststable-cpp",
- whole_static_libs: [
- "netd_aidl_interface-V6-cpp",
- ],
-}
-
-aidl_interface {
- name: "netd_aidl_interface",
- local_include_dir: "binder",
- srcs: [
- "binder/android/net/INetd.aidl",
- // AIDL interface that callers can implement to receive networking events from netd.
- "binder/android/net/INetdUnsolicitedEventListener.aidl",
- "binder/android/net/InterfaceConfigurationParcel.aidl",
- "binder/android/net/MarkMaskParcel.aidl",
- "binder/android/net/NativeNetworkConfig.aidl",
- "binder/android/net/NativeNetworkType.aidl",
- "binder/android/net/NativeVpnType.aidl",
- "binder/android/net/RouteInfoParcel.aidl",
- "binder/android/net/TetherConfigParcel.aidl",
- "binder/android/net/TetherOffloadRuleParcel.aidl",
- "binder/android/net/TetherStatsParcel.aidl",
- "binder/android/net/UidRangeParcel.aidl",
- ],
- backend: {
- cpp: {
- gen_log: true,
- },
- java: {
- // TODO: Remove apex_available and restrict visibility to only mainline modules that are
- // either outside the system server or use jarjar to rename the generated AIDL classes.
- apex_available: [
- "//apex_available:platform", // used from services.net
- "com.android.bluetooth.updatable",
- "com.android.tethering",
- "com.android.wifi",
- ],
- // this is part of updatable modules(NetworkStack) which targets 29(Q)
- min_sdk_version: "29",
- },
- ndk: {
- apex_available: [
- "//apex_available:platform",
- ],
- // This is necessary for the DnsResovler tests to run in Android Q.
- // Soong would recognize this value and produce the Q compatible aidl library.
- min_sdk_version: "29",
- },
- },
- versions: [
- "1",
- "2",
- "3",
- "4",
- "5",
- "6",
- ],
-}
-
-java_library {
- name: "netd_event_listener_interface-lateststable-java",
- sdk_version: "system_current",
- min_sdk_version: "29",
- static_libs: [
- "netd_event_listener_interface-V1-java",
- ],
- apex_available: [
- "//apex_available:platform",
- "com.android.bluetooth.updatable",
- "com.android.wifi",
- "com.android.tethering",
- ],
-}
-
-aidl_interface {
- name: "netd_event_listener_interface",
- local_include_dir: "binder",
- srcs: [
- "binder/android/net/metrics/INetdEventListener.aidl",
- ],
- versions: ["1"],
- backend: {
- ndk: {
- apex_available: [
- "//apex_available:platform",
- "com.android.resolv",
- ],
- min_sdk_version: "29",
- },
- java: {
- apex_available: [
- "//apex_available:platform",
- "com.android.bluetooth.updatable",
- "com.android.wifi",
- "com.android.tethering",
- ],
- min_sdk_version: "29",
- },
- },
-}
-
aidl_interface {
// This interface is for OEM calls to netd and vice versa that do not exist in AOSP.
// Those calls cannot be part of INetd.aidl and INetdUnsolicitedEventListener.aidl
@@ -224,7 +80,7 @@
"libqtaguid",
"libssl",
"libsysutils",
- "netd_aidl_interface-V6-cpp",
+ "netd_aidl_interface-V7-cpp",
"netd_event_listener_interface-V1-cpp",
],
aidl: {
@@ -267,7 +123,7 @@
"libselinux",
"libsysutils",
"libutils",
- "netd_aidl_interface-V6-cpp",
+ "netd_aidl_interface-V7-cpp",
"netd_event_listener_interface-V1-cpp",
"oemnetd_aidl_interface-cpp",
],
@@ -365,7 +221,7 @@
"libnetd_server",
"libnetd_test_tun_interface",
"libqtaguid",
- "netd_aidl_interface-V6-cpp",
+ "netd_aidl_interface-V7-cpp",
"netd_event_listener_interface-V1-cpp",
],
shared_libs: [
diff --git a/server/Controllers.cpp b/server/Controllers.cpp
index 7e2780f..1f2bac2 100644
--- a/server/Controllers.cpp
+++ b/server/Controllers.cpp
@@ -285,6 +285,12 @@
netdutils::Status tcStatus = trafficCtrl.start();
if (!isOk(tcStatus)) {
gLog.error("Failed to start trafficcontroller: (%s)", toString(tcStatus).c_str());
+ gLog.error("CRITICAL: sleeping 60 seconds, netd exiting with failure, crash loop likely!");
+ // The expected reason we get here is a major kernel or other code bug, as such
+ // the probability that things will succeed on restart of netd is pretty small.
+ // So, let's wait a minute to at least try to limit the log spam a little bit.
+ sleep(60);
+ exit(1);
}
gLog.info("Initializing traffic control: %" PRId64 "us", s.getTimeAndResetUs());
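Review bot: `exit(1)` after the `sleep(60)` runs atexit handlers and static destructors, which is risky if any other netd thread is already running at this point (not visible in this hunk); `_exit(1)` or `abort()` ends the process without that teardown. Stopping rather than continuing without a working traffic controller is a sound fail-closed choice. The comment could also state that the 60-second sleep appears to block controller initialisation, so anything waiting on netd stalls for that minute. The enclosing function starts and ends outside the hunk.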
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index 0a0f8d8..35fd1e2 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -90,7 +90,8 @@
}
int FirewallController::setupIptablesHooks(void) {
- int res = 0;
+ int res = flushRules();
+
// mUseBpfOwnerMatch should be removed, but it is still depended upon by test code.
mUseBpfOwnerMatch = true;
if (mUseBpfOwnerMatch) {
@@ -126,19 +127,22 @@
return res ? -EREMOTEIO : 0;
}
+int FirewallController::flushRules() {
+ std::string command =
+ "*filter\n"
+ ":fw_INPUT -\n"
+ ":fw_OUTPUT -\n"
+ ":fw_FORWARD -\n"
+ "-6 -A fw_OUTPUT ! -o lo -s ::1 -j DROP\n"
+ "COMMIT\n";
+
+ return (execIptablesRestore(V4V6, command.c_str()) == 0) ? 0 : -EREMOTEIO;
+}
+
int FirewallController::resetFirewall(void) {
mFirewallType = ALLOWLIST;
mIfaceRules.clear();
-
- // flush any existing rules
- std::string command =
- "*filter\n"
- ":fw_INPUT -\n"
- ":fw_OUTPUT -\n"
- ":fw_FORWARD -\n"
- "COMMIT\n";
-
- return (execIptablesRestore(V4V6, command.c_str()) == 0) ? 0 : -EREMOTEIO;
+ return flushRules();
}
int FirewallController::enableChildChains(ChildChain chain, bool enable) {
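Review bot: The new `-6 -A fw_OUTPUT ! -o lo -s ::1 -j DROP` line in `flushRules()` has no comment, and it makes a function named "flush" also install a rule. A comment such as `// Drop IPv6 packets with source ::1 that would leave on a non-loopback interface.` above the string would record the intent. Since `resetFirewall()` now goes through the same helper, the rule is re-installed on every reset, which is worth stating too. Separately, `execIptablesRestore` is declared in FirewallController.h as taking `const std::string&`, so `command.c_str()` builds a second temporary string; passing `command` directly avoids that.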
diff --git a/server/FirewallController.h b/server/FirewallController.h
index 6cabfb5..6de1b45 100644
--- a/server/FirewallController.h
+++ b/server/FirewallController.h
@@ -57,46 +57,46 @@
*/
class FirewallController {
public:
- FirewallController();
+ FirewallController();
- int setupIptablesHooks(void);
+ int setupIptablesHooks(void);
- int setFirewallType(FirewallType);
- int resetFirewall(void);
- int isFirewallEnabled(void);
+ int setFirewallType(FirewallType);
+ int resetFirewall(void);
+ int isFirewallEnabled(void);
- /* Match traffic going in/out over the given iface. */
- int setInterfaceRule(const char*, FirewallRule);
- /* Match traffic owned by given UID. This is specific to a particular chain. */
- int setUidRule(ChildChain, int, FirewallRule);
+ /* Match traffic going in/out over the given iface. */
+ int setInterfaceRule(const char*, FirewallRule);
+ /* Match traffic owned by given UID. This is specific to a particular chain. */
+ int setUidRule(ChildChain, int, FirewallRule);
- int enableChildChains(ChildChain, bool);
+ int enableChildChains(ChildChain, bool);
- int replaceUidChain(const std::string&, bool, const std::vector<int32_t>&);
+ int replaceUidChain(const std::string&, bool, const std::vector<int32_t>&);
- static std::string makeCriticalCommands(IptablesTarget target, const char* chainName);
- static uid_t discoverMaximumValidUid(const std::string& fileName);
+ static std::string makeCriticalCommands(IptablesTarget target, const char* chainName);
+ static uid_t discoverMaximumValidUid(const std::string& fileName);
- static const char* TABLE;
+ static const char* TABLE;
- static const char* LOCAL_INPUT;
- static const char* LOCAL_OUTPUT;
- static const char* LOCAL_FORWARD;
+ static const char* LOCAL_INPUT;
+ static const char* LOCAL_OUTPUT;
+ static const char* LOCAL_FORWARD;
- static const char* LOCAL_DOZABLE;
- static const char* LOCAL_STANDBY;
- static const char* LOCAL_POWERSAVE;
- static const char* LOCAL_RESTRICTED;
+ static const char* LOCAL_DOZABLE;
+ static const char* LOCAL_STANDBY;
+ static const char* LOCAL_POWERSAVE;
+ static const char* LOCAL_RESTRICTED;
- static const char* ICMPV6_TYPES[];
+ static const char* ICMPV6_TYPES[];
- std::mutex lock;
+ std::mutex lock;
protected:
- friend class FirewallControllerTest;
- std::string makeUidRules(IptablesTarget target, const char* name, bool isAllowlist,
- const std::vector<int32_t>& uids);
- static int (*execIptablesRestore)(IptablesTarget target, const std::string& commands);
+ friend class FirewallControllerTest;
+ std::string makeUidRules(IptablesTarget target, const char* name, bool isAllowlist,
+ const std::vector<int32_t>& uids);
+ static int (*execIptablesRestore)(IptablesTarget target, const std::string& commands);
private:
// Netd supports two cases, in both of which mMaxUid that derives from the uid mapping is const:
@@ -108,6 +108,7 @@
FirewallType mFirewallType;
bool mUseBpfOwnerMatch;
std::set<std::string> mIfaceRules;
+ int flushRules(void);
int attachChain(const char*, const char*);
int detachChain(const char*, const char*);
int createChain(const char*, FirewallType);
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index df6ca82..1f199af 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -227,19 +227,18 @@
TEST_F(FirewallControllerTest, TestFirewall) {
std::vector<std::string> enableCommands = {
- "*filter\n"
- "-A fw_INPUT -j DROP\n"
- "-A fw_OUTPUT -j REJECT\n"
- "-A fw_FORWARD -j REJECT\n"
- "COMMIT\n"
- };
+ "*filter\n"
+ "-A fw_INPUT -j DROP\n"
+ "-A fw_OUTPUT -j REJECT\n"
+ "-A fw_FORWARD -j REJECT\n"
+ "COMMIT\n"};
std::vector<std::string> disableCommands = {
- "*filter\n"
- ":fw_INPUT -\n"
- ":fw_OUTPUT -\n"
- ":fw_FORWARD -\n"
- "COMMIT\n"
- };
+ "*filter\n"
+ ":fw_INPUT -\n"
+ ":fw_OUTPUT -\n"
+ ":fw_FORWARD -\n"
+ "-6 -A fw_OUTPUT ! -o lo -s ::1 -j DROP\n"
+ "COMMIT\n"};
std::vector<std::string> noCommands = {};
EXPECT_EQ(0, mFw.resetFirewall());
diff --git a/server/NetdNativeService.cpp b/server/NetdNativeService.cpp
index 05c515d..1f5dc97 100644
--- a/server/NetdNativeService.cpp
+++ b/server/NetdNativeService.cpp
@@ -56,6 +56,7 @@
using android::net::TetherOffloadRuleParcel;
using android::net::TetherStatsParcel;
using android::net::UidRangeParcel;
+using android::net::netd::aidl::NativeUidRangeConfig;
using android::netdutils::DumpWriter;
using android::netdutils::ScopedIndent;
using android::os::ParcelFileDescriptor;
@@ -400,7 +401,8 @@
int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
// NetworkController::addUsersToNetwork is thread-safe.
ENFORCE_NETWORK_STACK_PERMISSIONS();
- int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
+ int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray),
+ UidRanges::DEFAULT_SUB_PRIORITY);
return statusFromErrcode(ret);
}
@@ -408,7 +410,22 @@
int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
// NetworkController::removeUsersFromNetwork is thread-safe.
ENFORCE_NETWORK_STACK_PERMISSIONS();
- int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
+ int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray),
+ UidRanges::DEFAULT_SUB_PRIORITY);
+ return statusFromErrcode(ret);
+}
+
+binder::Status NetdNativeService::networkAddUidRangesParcel(const NativeUidRangeConfig& config) {
+ ENFORCE_NETWORK_STACK_PERMISSIONS();
+ int ret = gCtls->netCtrl.addUsersToNetwork(config.netId, UidRanges(config.uidRanges),
+ config.subPriority);
+ return statusFromErrcode(ret);
+}
+
+binder::Status NetdNativeService::networkRemoveUidRangesParcel(const NativeUidRangeConfig& config) {
+ ENFORCE_NETWORK_STACK_PERMISSIONS();
+ int ret = gCtls->netCtrl.removeUsersFromNetwork(config.netId, UidRanges(config.uidRanges),
+ config.subPriority);
return statusFromErrcode(ret);
}
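Review bot: `config.subPriority` and `config.netId` arrive from the binder caller and are handed to the `uint32_t`/`unsigned` parameters of `addUsersToNetwork`/`removeUsersFromNetwork` with no range check at this boundary. If the parcel fields are signed (the AIDL C++ backend generates `int32_t` for `int`; the parcel definition is not in this diff), a negative value silently becomes a very large unsigned one, and rejection then depends on each `Network` subclass's `isValidSubPriority`. Rejecting a negative `subPriority` here with `statusFromErrcode(-EINVAL)` would keep validation at the trust boundary. The two new methods also lack the `// NetworkController::... is thread-safe.` comment their neighbours carry.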
diff --git a/server/NetdNativeService.h b/server/NetdNativeService.h
index 1e995ef..9779f36 100644
--- a/server/NetdNativeService.h
+++ b/server/NetdNativeService.h
@@ -74,6 +74,10 @@
const std::vector<UidRangeParcel>& uids) override;
binder::Status networkRemoveUidRanges(int32_t netId,
const std::vector<UidRangeParcel>& uids) override;
+ binder::Status networkAddUidRangesParcel(
+ const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
+ binder::Status networkRemoveUidRangesParcel(
+ const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
binder::Status networkRejectNonSecureVpn(bool enable,
const std::vector<UidRangeParcel>& uids) override;
binder::Status networkAddRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
diff --git a/server/Network.cpp b/server/Network.cpp
index cba9edf..72a1545 100644
--- a/server/Network.cpp
+++ b/server/Network.cpp
@@ -70,24 +70,68 @@
return repr.str();
}
-bool Network::appliesToUser(uid_t uid) const {
- return mUidRanges.hasUid(uid);
+std::string Network::uidRangesToString() const {
+ if (mUidRangeMap.empty()) {
+ return "";
+ }
+
+ std::ostringstream result;
+ for (auto it = mUidRangeMap.begin(); it != mUidRangeMap.end(); ++it) {
+ result << "prio " << it->first << " " << it->second.toString();
+ if (std::next(it) != mUidRangeMap.end()) result << "; ";
+ }
+ return result.str();
}
-bool Network::hasInvalidUidRanges(const UidRanges& uidRanges) const {
- if (uidRanges.overlapsSelf()) {
- ALOGE("uid range %s overlaps self", uidRanges.toString().c_str());
- return true;
- }
-
- if (uidRanges.overlaps(mUidRanges)) {
- ALOGE("uid range %s overlaps %s", uidRanges.toString().c_str(),
- mUidRanges.toString().c_str());
- return true;
+// Check if the user has been added to this network. If yes, the highest priority of matching
+// setting is returned by subPriority. Thus caller can make choice among several matching
+// networks.
+bool Network::appliesToUser(uid_t uid, uint32_t* subPriority) const {
+ for (const auto& [priority, uidRanges] : mUidRangeMap) {
+ if (uidRanges.hasUid(uid)) {
+ *subPriority = priority;
+ return true;
+ }
}
return false;
}
+void Network::addToUidRangeMap(const UidRanges& uidRanges, uint32_t subPriority) {
+ auto iter = mUidRangeMap.find(subPriority);
+ if (iter != mUidRangeMap.end()) {
+ iter->second.add(uidRanges);
+ } else {
+ mUidRangeMap[subPriority] = uidRanges;
+ }
+}
+
+void Network::removeFromUidRangeMap(const UidRanges& uidRanges, uint32_t subPriority) {
+ auto iter = mUidRangeMap.find(subPriority);
+ if (iter != mUidRangeMap.end()) {
+ iter->second.remove(uidRanges);
+ if (iter->second.empty()) {
+ mUidRangeMap.erase(subPriority);
+ }
+ } else {
+ ALOGW("uidRanges with priority %u not found", subPriority);
+ }
+}
+
+bool Network::canAddUidRanges(const UidRanges& uidRanges, uint32_t subPriority) const {
+ if (uidRanges.overlapsSelf()) {
+ ALOGE("uid range %s overlaps self", uidRanges.toString().c_str());
+ return false;
+ }
+
+ auto iter = mUidRangeMap.find(subPriority);
+ if (iter != mUidRangeMap.end() && uidRanges.overlaps(iter->second)) {
+ ALOGE("uid range %s overlaps priority %u %s", uidRanges.toString().c_str(), subPriority,
+ iter->second.toString().c_str());
+ return false;
+ }
+ return true;
+}
+
bool Network::isSecure() const {
return mSecure;
}
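Review bot: `appliesToUser()` writes through `subPriority` unconditionally, so every caller that only wants the boolean has to declare a throwaway `uint32_t` (as the NetworkController.cpp hunks in this commit do), and a null argument would crash. Guarding the store with `if (subPriority != nullptr) *subPriority = priority;` lets those callers pass `nullptr`. The comment above the function should also say that `*subPriority` is left untouched when the function returns false. It should further say that "highest priority" means the numerically smallest key, which is what iterating the `std::map` in ascending order yields.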
diff --git a/server/Network.h b/server/Network.h
index d5110d0..aa1b21a 100644
--- a/server/Network.h
+++ b/server/Network.h
@@ -24,6 +24,8 @@
namespace android::net {
+typedef std::map<uint32_t, UidRanges> UidRangeMap;
+
// A Network represents a collection of interfaces participating as a single administrative unit.
class Network {
public:
@@ -44,22 +46,31 @@
[[nodiscard]] int clearInterfaces();
std::string toString() const;
- bool appliesToUser(uid_t uid) const;
- [[nodiscard]] virtual int addUsers(const UidRanges&) { return -EINVAL; };
- [[nodiscard]] virtual int removeUsers(const UidRanges&) { return -EINVAL; };
+ std::string uidRangesToString() const;
+ bool appliesToUser(uid_t uid, uint32_t* subPriority) const;
+ [[nodiscard]] virtual int addUsers(const UidRanges&, uint32_t /*subPriority*/) {
+ return -EINVAL;
+ };
+ [[nodiscard]] virtual int removeUsers(const UidRanges&, uint32_t /*subPriority*/) {
+ return -EINVAL;
+ };
bool isSecure() const;
virtual bool isPhysical() { return false; }
virtual bool isUnreachable() { return false; }
virtual bool isVirtual() { return false; }
virtual bool canAddUsers() { return false; }
+ virtual bool isValidSubPriority(uint32_t /*priority*/) { return false; }
+ virtual void addToUidRangeMap(const UidRanges& uidRanges, uint32_t subPriority);
+ virtual void removeFromUidRangeMap(const UidRanges& uidRanges, uint32_t subPriority);
protected:
explicit Network(unsigned netId, bool mSecure = false);
- bool hasInvalidUidRanges(const UidRanges& uidRanges) const;
+ bool canAddUidRanges(const UidRanges& uidRanges, uint32_t subPriority) const;
const unsigned mNetId;
std::set<std::string> mInterfaces;
- UidRanges mUidRanges;
+ // Each subsidiary priority maps to a set of UID ranges of a feature.
+ std::map<uint32_t, UidRanges> mUidRangeMap;
const bool mSecure;
private:
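Review bot: `addToUidRangeMap()` and `removeFromUidRangeMap()` are added to the public section, yet they change `mUidRangeMap` without touching any routing rule, so a caller outside the class hierarchy could leave the map out of step with what `addUsers()`/`removeUsers()` installed. The only callers visible in this commit are `PhysicalNetwork::addUsers()` and `removeUsers()`, so `protected:` looks sufficient, assuming no external user exists elsewhere. `mUidRangeMap` could also be declared with the `UidRangeMap` alias introduced at the top of the header rather than repeating `std::map<uint32_t, UidRanges>`.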
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
index ff52db5..602639c 100644
--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -616,22 +616,24 @@
} // namespace
-int NetworkController::addUsersToNetwork(unsigned netId, const UidRanges& uidRanges) {
+int NetworkController::addUsersToNetwork(unsigned netId, const UidRanges& uidRanges,
+ uint32_t subPriority) {
ScopedWLock lock(mRWLock);
Network* network = getNetworkLocked(netId);
if (int ret = isWrongNetworkForUidRanges(netId, network)) {
return ret;
}
- return network->addUsers(uidRanges);
+ return network->addUsers(uidRanges, subPriority);
}
-int NetworkController::removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges) {
+int NetworkController::removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges,
+ uint32_t subPriority) {
ScopedWLock lock(mRWLock);
Network* network = getNetworkLocked(netId);
if (int ret = isWrongNetworkForUidRanges(netId, network)) {
return ret;
}
- return network->removeUsers(uidRanges);
+ return network->removeUsers(uidRanges, subPriority);
}
int NetworkController::addRoute(unsigned netId, const char* interface, const char* destination,
@@ -740,6 +742,11 @@
dw.println("Required permission: %s", permissionToName(permission));
dw.decIndent();
}
+ if (const auto& str = network->uidRangesToString(); !str.empty()) {
+ dw.incIndent();
+ dw.println(str);
+ dw.decIndent();
+ }
dw.blankline();
}
dw.decIndent();
@@ -776,30 +783,32 @@
}
VirtualNetwork* NetworkController::getVirtualNetworkForUserLocked(uid_t uid) const {
+ uint32_t subPriority;
for (const auto& [_, network] : mNetworks) {
- if (network->isVirtual() && network->appliesToUser(uid)) {
+ if (network->isVirtual() && network->appliesToUser(uid, &subPriority)) {
return static_cast<VirtualNetwork*>(network);
}
}
return nullptr;
}
+// Returns a network with the highest subsidiary priority among physical and unreachable networks
+// that applies to uid. For a single subsidiary priority, an uid should belong to only one network.
+// If the uid apply to different network with the same priority at the same time, the behavior is
+// undefined. That is a configuration error.
Network* NetworkController::getPhysicalOrUnreachableNetworkForUserLocked(uid_t uid) const {
- // OEM-paid network take precedence over the unreachable network.
- for (const auto& [_, network] : mNetworks) {
- if (network->isPhysical() && network->appliesToUser(uid)) {
- // Return the first physical network that matches UID.
- // If there is more than one such network, the behaviour is undefined.
- // This is a configuration error.
- return network;
+ Network* bestNetwork = nullptr;
+ unsigned bestSubPriority = UidRanges::LOWEST_SUB_PRIORITY + 1;
+ for (const auto& [netId, network] : mNetworks) {
+ uint32_t subPriority;
+ if (!network->isPhysical() && !network->isUnreachable()) continue;
+ if (!network->appliesToUser(uid, &subPriority)) continue;
+ if (subPriority < bestSubPriority) {
+ bestNetwork = network;
+ bestSubPriority = subPriority;
}
}
-
- auto iter = mNetworks.find(UNREACHABLE_NET_ID);
- if (iter != mNetworks.end() && iter->second->appliesToUser(uid)) {
- return iter->second;
- }
- return nullptr;
+ return bestNetwork;
}
Permission NetworkController::getPermissionForUserLocked(uid_t uid) const {
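Review bot: `getPhysicalOrUnreachableNetworkForUserLocked()` no longer prefers a physical network over the unreachable one; with the strict `subPriority < bestSubPriority` comparison, a tie is decided by `mNetworks` iteration order. The removed code stated that an OEM-paid physical network takes precedence over `UNREACHABLE_NET_ID`, so a UID configured on both at the same sub-priority may now resolve to a different network. If that precedence still matters, break ties in favour of `isPhysical()`; otherwise the new comment should say explicitly that the old ordering guarantee is gone. Minor: `bestSubPriority` is `unsigned` while `subPriority` is `uint32_t`, and the `netId` binding is unused.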
@@ -827,8 +836,9 @@
return 0;
}
// If the UID wants to use a VPN, it can do so if and only if the VPN applies to the UID.
+ uint32_t subPriority;
if (network->isVirtual()) {
- return network->appliesToUser(uid) ? 0 : -EPERM;
+ return network->appliesToUser(uid, &subPriority) ? 0 : -EPERM;
}
// If a VPN applies to the UID, and the VPN is secure (i.e., not bypassable), then the UID can
// only select a different network if it has the ability to protect its sockets.
@@ -839,12 +849,12 @@
}
// If the UID wants to use a physical network and it has a UID range that includes the UID, the
// UID has permission to use it regardless of whether the permission bits match.
- if (network->isPhysical() && network->appliesToUser(uid)) {
+ if (network->isPhysical() && network->appliesToUser(uid, &subPriority)) {
return 0;
}
// Only apps that are configured as "no default network" can use the unreachable network.
if (network->isUnreachable()) {
- return network->appliesToUser(uid) ? 0 : -EPERM;
+ return network->appliesToUser(uid, &subPriority) ? 0 : -EPERM;
}
// Check whether the UID's permission bits are sufficient to use the network.
// Because the permission of the system default network is PERMISSION_NONE(0x0), apps can always
diff --git a/server/NetworkController.h b/server/NetworkController.h
index 4630225..a61ac39 100644
--- a/server/NetworkController.h
+++ b/server/NetworkController.h
@@ -119,8 +119,10 @@
[[nodiscard]] int setPermissionForNetworks(Permission permission,
const std::vector<unsigned>& netIds);
- [[nodiscard]] int addUsersToNetwork(unsigned netId, const UidRanges& uidRanges);
- [[nodiscard]] int removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges);
+ [[nodiscard]] int addUsersToNetwork(unsigned netId, const UidRanges& uidRanges,
+ uint32_t subPriority);
+ [[nodiscard]] int removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges,
+ uint32_t subPriority);
// |nexthop| can be NULL (to indicate a directly-connected route), "unreachable" (to indicate a
// route that's blocked), "throw" (to indicate the lack of a match), or a regular IP address.
diff --git a/server/PhysicalNetwork.cpp b/server/PhysicalNetwork.cpp
index 894d56a..7b9a19a 100644
--- a/server/PhysicalNetwork.cpp
+++ b/server/PhysicalNetwork.cpp
@@ -158,32 +158,35 @@
return 0;
}
-int PhysicalNetwork::addUsers(const UidRanges& uidRanges) {
- if (hasInvalidUidRanges(uidRanges)) {
+int PhysicalNetwork::addUsers(const UidRanges& uidRanges, uint32_t subPriority) {
+ if (!isValidSubPriority(subPriority) || !canAddUidRanges(uidRanges, subPriority)) {
return -EINVAL;
}
for (const std::string& interface : mInterfaces) {
- int ret = RouteController::addUsersToPhysicalNetwork(mNetId, interface.c_str(), uidRanges);
+ int ret = RouteController::addUsersToPhysicalNetwork(mNetId, interface.c_str(),
+ {{subPriority, uidRanges}});
if (ret) {
ALOGE("failed to add users on interface %s of netId %u", interface.c_str(), mNetId);
return ret;
}
}
- mUidRanges.add(uidRanges);
+ addToUidRangeMap(uidRanges, subPriority);
return 0;
}
-int PhysicalNetwork::removeUsers(const UidRanges& uidRanges) {
+int PhysicalNetwork::removeUsers(const UidRanges& uidRanges, uint32_t subPriority) {
+ if (!isValidSubPriority(subPriority)) return -EINVAL;
+
for (const std::string& interface : mInterfaces) {
int ret = RouteController::removeUsersFromPhysicalNetwork(mNetId, interface.c_str(),
- uidRanges);
+ {{subPriority, uidRanges}});
if (ret) {
ALOGE("failed to remove users on interface %s of netId %u", interface.c_str(), mNetId);
return ret;
}
}
- mUidRanges.remove(uidRanges);
+ removeFromUidRangeMap(uidRanges, subPriority);
return 0;
}
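Review bot: In both `addUsers()` and `removeUsers()` the braced argument `{{subPriority, uidRanges}}` builds a fresh map, copying `uidRanges`, on every pass of the interface loop. Building it once before the loop, e.g. `const UidRangeMap rangeMap = {{subPriority, uidRanges}};`, and passing `rangeMap` avoids the repeated copy, assuming the RouteController parameter is `const UidRangeMap&` as in `modifyPhysicalNetwork`. `removeUsers()` also issues the rule deletions before `removeFromUidRangeMap()` finds out whether that priority was ever registered, and a miss is only logged with `ALOGW`. Consider checking the map first, so that the stored ranges and the installed rules cannot drift apart.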
@@ -192,7 +195,7 @@
return 0;
}
if (int ret = RouteController::addInterfaceToPhysicalNetwork(mNetId, interface.c_str(),
- mPermission, mUidRanges)) {
+ mPermission, mUidRangeMap)) {
ALOGE("failed to add interface %s to netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -219,7 +222,7 @@
// to find the interface index in the cache in cases where the interface is already gone
// (e.g. bt-pan).
if (int ret = RouteController::removeInterfaceFromPhysicalNetwork(mNetId, interface.c_str(),
- mPermission, mUidRanges)) {
+ mPermission, mUidRangeMap)) {
ALOGE("failed to remove interface %s from netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -227,4 +230,9 @@
return 0;
}
+bool PhysicalNetwork::isValidSubPriority(uint32_t priority) {
+ return priority >= UidRanges::DEFAULT_SUB_PRIORITY &&
+ priority <= UidRanges::LOWEST_SUB_PRIORITY;
+}
+
} // namespace android::net
diff --git a/server/PhysicalNetwork.h b/server/PhysicalNetwork.h
index df2bd22..d9461b2 100644
--- a/server/PhysicalNetwork.h
+++ b/server/PhysicalNetwork.h
@@ -42,8 +42,8 @@
[[nodiscard]] int addAsDefault();
[[nodiscard]] int removeAsDefault();
- [[nodiscard]] int addUsers(const UidRanges& uidRanges) override;
- [[nodiscard]] int removeUsers(const UidRanges& uidRanges) override;
+ [[nodiscard]] int addUsers(const UidRanges& uidRanges, uint32_t subPriority) override;
+ [[nodiscard]] int removeUsers(const UidRanges& uidRanges, uint32_t subPriority) override;
bool isPhysical() override { return true; }
bool canAddUsers() override { return true; }
@@ -53,6 +53,7 @@
[[nodiscard]] int removeInterface(const std::string& interface) override;
int destroySocketsLackingPermission(Permission permission);
void invalidateRouteCache(const std::string& interface);
+ bool isValidSubPriority(uint32_t priority) override;
Delegate* const mDelegate;
Permission mPermission;
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index 666a88a..ba305e6 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -27,14 +27,11 @@
#include <map>
-#define LOG_TAG "Netd"
-
#include "DummyNetwork.h"
#include "Fwmark.h"
#include "NetdConstants.h"
#include "NetlinkCommands.h"
#include "OffloadUtils.h"
-#include "UidRanges.h"
#include <android-base/file.h>
#include <android-base/stringprintf.h>
@@ -495,7 +492,7 @@
// have, if they are subject to this VPN, their traffic has to go through it. Allows the traffic to
// bypass the VPN if the protectedFromVpn bit is set.
[[nodiscard]] static int modifyVpnUidRangeRule(uint32_t table, uid_t uidStart, uid_t uidEnd,
- bool secure, bool add) {
+ uint32_t subPriority, bool secure, bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -513,8 +510,8 @@
mask.explicitlySelected = true;
}
- return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, priority, table, fwmark.intValue,
- mask.intValue, IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
+ return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, priority + subPriority, table,
+ fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
}
// A rule to allow system apps to send traffic over this VPN even if they are not part of the target
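Review bot: `priority + subPriority` shifts the rule into the space between this priority band and the next, and nothing in this function bounds `subPriority`; the only range check visible in the commit is `PhysicalNetwork::isValidSubPriority()`, far from here. If a value larger than the gap between adjacent `RULE_PRIORITY_*` constants ever reached these helpers, the rule would be evaluated in another band's position and change which rule wins. A `static_assert` tying `UidRanges::LOWEST_SUB_PRIORITY` to the spacing of the `RULE_PRIORITY_*` values, placed next to those constants, would make the assumption checkable at compile time. The same addition appears in `modifyExplicitNetworkRule`, `modifyOutputInterfaceRules`, `modifyUidNetworkRule` and `modifyUidDefaultNetworkRule` in later hunks. The function's signature is in the preceding hunk and its body is only partly shown.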
@@ -548,7 +545,7 @@
// modifyNetworkPermission().
[[nodiscard]] static int modifyExplicitNetworkRule(unsigned netId, uint32_t table,
Permission permission, uid_t uidStart,
- uid_t uidEnd, bool add) {
+ uid_t uidEnd, uint32_t subPriority, bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -561,8 +558,9 @@
fwmark.permission = permission;
mask.permission = permission;
- return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_EXPLICIT_NETWORK, table,
- fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
+ return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE,
+ RULE_PRIORITY_EXPLICIT_NETWORK + subPriority, table, fwmark.intValue,
+ mask.intValue, IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
}
// A rule to route traffic based on a chosen outgoing interface.
@@ -571,7 +569,7 @@
// the outgoing interface (typically for link-local communications).
[[nodiscard]] static int modifyOutputInterfaceRules(const char* interface, uint32_t table,
Permission permission, uid_t uidStart,
- uid_t uidEnd, bool add) {
+ uid_t uidEnd, uint32_t subPriority, bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -589,8 +587,9 @@
}
}
- return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_OUTPUT_INTERFACE, table,
- fwmark.intValue, mask.intValue, IIF_LOOPBACK, interface, uidStart, uidEnd);
+ return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE,
+ RULE_PRIORITY_OUTPUT_INTERFACE + subPriority, table, fwmark.intValue,
+ mask.intValue, IIF_LOOPBACK, interface, uidStart, uidEnd);
}
// A rule to route traffic based on the chosen network.
@@ -670,7 +669,8 @@
// Add rules to lookup the local network when specified explicitly or otherwise.
[[nodiscard]] static int addLocalNetworkRules(unsigned localNetId) {
if (int ret = modifyExplicitNetworkRule(localNetId, ROUTE_TABLE_LOCAL_NETWORK, PERMISSION_NONE,
- INVALID_UID, INVALID_UID, ACTION_ADD)) {
+ INVALID_UID, INVALID_UID,
+ UidRanges::DEFAULT_SUB_PRIORITY, ACTION_ADD)) {
return ret;
}
@@ -701,8 +701,9 @@
return -errno;
}
- if ((ret = modifyOutputInterfaceRules(interface, table, PERMISSION_NONE,
- INVALID_UID, INVALID_UID, ACTION_ADD))) {
+ if ((ret = modifyOutputInterfaceRules(interface, table, PERMISSION_NONE, INVALID_UID,
+ INVALID_UID, UidRanges::DEFAULT_SUB_PRIORITY,
+ ACTION_ADD))) {
ALOGE("Can't create oif rules for %s: %s", interface, strerror(-ret));
return ret;
}
@@ -735,11 +736,13 @@
}
maybeModifyQdiscClsact(interface, add);
return modifyOutputInterfaceRules(interface, ROUTE_TABLE_LOCAL_NETWORK, PERMISSION_NONE,
- INVALID_UID, INVALID_UID, add);
+ INVALID_UID, INVALID_UID, UidRanges::DEFAULT_SUB_PRIORITY,
+ add);
}
[[nodiscard]] static int modifyUidNetworkRule(unsigned netId, uint32_t table, uid_t uidStart,
- uid_t uidEnd, bool add, bool explicitSelect) {
+ uid_t uidEnd, uint32_t subPriority, bool add,
+ bool explicitSelect) {
if ((uidStart == INVALID_UID) || (uidEnd == INVALID_UID)) {
ALOGE("modifyUidNetworkRule, invalid UIDs (%u, %u)", uidStart, uidEnd);
return -EUSERS;
@@ -759,14 +762,14 @@
mask.permission = PERMISSION_NONE;
return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE,
- explicitSelect ? RULE_PRIORITY_UID_EXPLICIT_NETWORK
- : RULE_PRIORITY_UID_IMPLICIT_NETWORK,
+ explicitSelect ? (RULE_PRIORITY_UID_EXPLICIT_NETWORK + subPriority)
+ : (RULE_PRIORITY_UID_IMPLICIT_NETWORK + subPriority),
table, fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE, uidStart,
uidEnd);
}
[[nodiscard]] static int modifyUidDefaultNetworkRule(uint32_t table, uid_t uidStart, uid_t uidEnd,
- bool add) {
+ uint32_t subPriority, bool add) {
if ((uidStart == INVALID_UID) || (uidEnd == INVALID_UID)) {
ALOGE("modifyUidDefaultNetworkRule, invalid UIDs (%u, %u)", uidStart, uidEnd);
return -EUSERS;
@@ -782,28 +785,34 @@
fwmark.permission = PERMISSION_NONE;
mask.permission = PERMISSION_NONE;
- return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_UID_DEFAULT_NETWORK, table,
- fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
+ return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE,
+ RULE_PRIORITY_UID_DEFAULT_NETWORK + subPriority, table, fwmark.intValue,
+ mask.intValue, IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
}
/* static */
int RouteController::modifyPhysicalNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges, Permission permission,
+ const UidRangeMap& uidRangeMap, Permission permission,
bool add, bool modifyNonUidBasedRules) {
uint32_t table = getRouteTableForInterface(interface);
if (table == RT_TABLE_UNSPEC) {
return -ESRCH;
}
- for (const UidRangeParcel& range : uidRanges.getRanges()) {
- if (int ret = modifyUidNetworkRule(netId, table, range.start, range.stop, add, EXPLICIT)) {
- return ret;
- }
- if (int ret = modifyUidNetworkRule(netId, table, range.start, range.stop, add, IMPLICIT)) {
- return ret;
- }
- if (int ret = modifyUidDefaultNetworkRule(table, range.start, range.stop, add)) {
- return ret;
+ for (const auto& [subPriority, uidRanges] : uidRangeMap) {
+ for (const UidRangeParcel& range : uidRanges.getRanges()) {
+ if (int ret = modifyUidNetworkRule(netId, table, range.start, range.stop, subPriority,
+ add, EXPLICIT)) {
+ return ret;
+ }
+ if (int ret = modifyUidNetworkRule(netId, table, range.start, range.stop, subPriority,
+ add, IMPLICIT)) {
+ return ret;
+ }
+ if (int ret = modifyUidDefaultNetworkRule(table, range.start, range.stop, subPriority,
+ add)) {
+ return ret;
+ }
}
}
@@ -816,11 +825,11 @@
return ret;
}
if (int ret = modifyExplicitNetworkRule(netId, table, permission, INVALID_UID, INVALID_UID,
- add)) {
+ UidRanges::DEFAULT_SUB_PRIORITY, add)) {
return ret;
}
if (int ret = modifyOutputInterfaceRules(interface, table, permission, INVALID_UID, INVALID_UID,
- add)) {
+ UidRanges::DEFAULT_SUB_PRIORITY, add)) {
return ret;
}
@@ -851,7 +860,8 @@
}
[[nodiscard]] static int modifyUidUnreachableRule(unsigned netId, uid_t uidStart, uid_t uidEnd,
- bool add, bool explicitSelect) {
+ uint32_t subPriority, bool add,
+ bool explicitSelect) {
if ((uidStart == INVALID_UID) || (uidEnd == INVALID_UID)) {
ALOGE("modifyUidUnreachableRule, invalid UIDs (%u, %u)", uidStart, uidEnd);
return -EUSERS;
@@ -871,15 +881,16 @@
mask.permission = PERMISSION_NONE;
return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE,
- explicitSelect ? RULE_PRIORITY_UID_EXPLICIT_NETWORK
- : RULE_PRIORITY_UID_IMPLICIT_NETWORK,
+ explicitSelect ? (RULE_PRIORITY_UID_EXPLICIT_NETWORK + subPriority)
+ : (RULE_PRIORITY_UID_IMPLICIT_NETWORK + subPriority),
FR_ACT_UNREACHABLE, RT_TABLE_UNSPEC, fwmark.intValue, mask.intValue,
IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
}
-[[nodiscard]] static int modifyUidDefaultUnreachableRule(uid_t uidStart, uid_t uidEnd, bool add) {
+[[nodiscard]] static int modifyUidDefaultUnreachableRule(uid_t uidStart, uid_t uidEnd,
+ uint32_t subPriority, bool add) {
if ((uidStart == INVALID_UID) || (uidEnd == INVALID_UID)) {
- ALOGE("modifyUidDefaultNetworkRule, invalid UIDs (%u, %u)", uidStart, uidEnd);
+ ALOGE("modifyUidDefaultUnreachableRule, invalid UIDs (%u, %u)", uidStart, uidEnd);
return -EUSERS;
}
@@ -893,22 +904,28 @@
fwmark.permission = PERMISSION_NONE;
mask.permission = PERMISSION_NONE;
- return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_UID_DEFAULT_UNREACHABLE,
- FR_ACT_UNREACHABLE, RT_TABLE_UNSPEC, fwmark.intValue, mask.intValue,
- IIF_LOOPBACK, OIF_NONE, uidStart, uidEnd);
+ return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE,
+ RULE_PRIORITY_UID_DEFAULT_UNREACHABLE + subPriority, FR_ACT_UNREACHABLE,
+ RT_TABLE_UNSPEC, fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE,
+ uidStart, uidEnd);
}
-int RouteController::modifyUnreachableNetwork(unsigned netId, const UidRanges& uidRanges,
+int RouteController::modifyUnreachableNetwork(unsigned netId, const UidRangeMap& uidRangeMap,
bool add) {
- for (const UidRangeParcel& range : uidRanges.getRanges()) {
- if (int ret = modifyUidUnreachableRule(netId, range.start, range.stop, add, EXPLICIT)) {
- return ret;
- }
- if (int ret = modifyUidUnreachableRule(netId, range.start, range.stop, add, IMPLICIT)) {
- return ret;
- }
- if (int ret = modifyUidDefaultUnreachableRule(range.start, range.stop, add)) {
- return ret;
+ for (const auto& [subPriority, uidRanges] : uidRangeMap) {
+ for (const UidRangeParcel& range : uidRanges.getRanges()) {
+ if (int ret = modifyUidUnreachableRule(netId, range.start, range.stop, subPriority, add,
+ EXPLICIT)) {
+ return ret;
+ }
+ if (int ret = modifyUidUnreachableRule(netId, range.start, range.stop, subPriority, add,
+ IMPLICIT)) {
+ return ret;
+ }
+ if (int ret = modifyUidDefaultUnreachableRule(range.start, range.stop, subPriority,
+ add)) {
+ return ret;
+ }
}
}
@@ -933,24 +950,27 @@
}
int RouteController::modifyVirtualNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges, bool secure, bool add,
+ const UidRangeMap& uidRangeMap, bool secure, bool add,
bool modifyNonUidBasedRules) {
uint32_t table = getRouteTableForInterface(interface);
if (table == RT_TABLE_UNSPEC) {
return -ESRCH;
}
- for (const UidRangeParcel& range : uidRanges.getRanges()) {
- if (int ret = modifyVpnUidRangeRule(table, range.start, range.stop, secure, add)) {
- return ret;
- }
- if (int ret = modifyExplicitNetworkRule(netId, table, PERMISSION_NONE, range.start,
- range.stop, add)) {
- return ret;
- }
- if (int ret = modifyOutputInterfaceRules(interface, table, PERMISSION_NONE, range.start,
- range.stop, add)) {
- return ret;
+ for (const auto& [subPriority, uidRanges] : uidRangeMap) {
+ for (const UidRangeParcel& range : uidRanges.getRanges()) {
+ if (int ret = modifyVpnUidRangeRule(table, range.start, range.stop, subPriority, secure,
+ add)) {
+ return ret;
+ }
+ if (int ret = modifyExplicitNetworkRule(netId, table, PERMISSION_NONE, range.start,
+ range.stop, subPriority, add)) {
+ return ret;
+ }
+ if (int ret = modifyOutputInterfaceRules(interface, table, PERMISSION_NONE, range.start,
+ range.stop, subPriority, add)) {
+ return ret;
+ }
}
}
@@ -964,7 +984,8 @@
if (int ret = modifyVpnSystemPermissionRule(netId, table, secure, add)) {
return ret;
}
- return modifyExplicitNetworkRule(netId, table, PERMISSION_NONE, UID_ROOT, UID_ROOT, add);
+ return modifyExplicitNetworkRule(netId, table, PERMISSION_NONE, UID_ROOT, UID_ROOT,
+ UidRanges::DEFAULT_SUB_PRIORITY, add);
}
return 0;
@@ -1166,8 +1187,8 @@
int RouteController::addInterfaceToPhysicalNetwork(unsigned netId, const char* interface,
Permission permission,
- const UidRanges& uidRanges) {
- if (int ret = modifyPhysicalNetwork(netId, interface, uidRanges, permission, ACTION_ADD,
+ const UidRangeMap& uidRangeMap) {
+ if (int ret = modifyPhysicalNetwork(netId, interface, uidRangeMap, permission, ACTION_ADD,
MODIFY_NON_UID_BASED_RULES)) {
return ret;
}
@@ -1178,8 +1199,8 @@
int RouteController::removeInterfaceFromPhysicalNetwork(unsigned netId, const char* interface,
Permission permission,
- const UidRanges& uidRanges) {
- if (int ret = modifyPhysicalNetwork(netId, interface, uidRanges, permission, ACTION_DEL,
+ const UidRangeMap& uidRangeMap) {
+ if (int ret = modifyPhysicalNetwork(netId, interface, uidRangeMap, permission, ACTION_DEL,
MODIFY_NON_UID_BASED_RULES)) {
return ret;
}
@@ -1195,8 +1216,8 @@
}
int RouteController::addInterfaceToVirtualNetwork(unsigned netId, const char* interface,
- bool secure, const UidRanges& uidRanges) {
- if (int ret = modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_ADD,
+ bool secure, const UidRangeMap& uidRangeMap) {
+ if (int ret = modifyVirtualNetwork(netId, interface, uidRangeMap, secure, ACTION_ADD,
MODIFY_NON_UID_BASED_RULES)) {
return ret;
}
@@ -1205,8 +1226,9 @@
}
int RouteController::removeInterfaceFromVirtualNetwork(unsigned netId, const char* interface,
- bool secure, const UidRanges& uidRanges) {
- if (int ret = modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_DEL,
+ bool secure,
+ const UidRangeMap& uidRangeMap) {
+ if (int ret = modifyVirtualNetwork(netId, interface, uidRangeMap, secure, ACTION_DEL,
MODIFY_NON_UID_BASED_RULES)) {
return ret;
}
@@ -1220,13 +1242,15 @@
int RouteController::modifyPhysicalNetworkPermission(unsigned netId, const char* interface,
Permission oldPermission,
Permission newPermission) {
- UidRanges noUidRanges;
+ // Physical network rules either use permission bits or UIDs, but not both.
+ // So permission changes don't affect any UID-based rules.
+ UidRangeMap emptyUidRangeMap;
// Add the new rules before deleting the old ones, to avoid race conditions.
- if (int ret = modifyPhysicalNetwork(netId, interface, noUidRanges, newPermission, ACTION_ADD,
- MODIFY_NON_UID_BASED_RULES)) {
+ if (int ret = modifyPhysicalNetwork(netId, interface, emptyUidRangeMap, newPermission,
+ ACTION_ADD, MODIFY_NON_UID_BASED_RULES)) {
return ret;
}
- return modifyPhysicalNetwork(netId, interface, noUidRanges, oldPermission, ACTION_DEL,
+ return modifyPhysicalNetwork(netId, interface, emptyUidRangeMap, oldPermission, ACTION_DEL,
MODIFY_NON_UID_BASED_RULES);
}
@@ -1239,14 +1263,14 @@
}
int RouteController::addUsersToVirtualNetwork(unsigned netId, const char* interface, bool secure,
- const UidRanges& uidRanges) {
- return modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_ADD,
+ const UidRangeMap& uidRangeMap) {
+ return modifyVirtualNetwork(netId, interface, uidRangeMap, secure, ACTION_ADD,
!MODIFY_NON_UID_BASED_RULES);
}
int RouteController::removeUsersFromVirtualNetwork(unsigned netId, const char* interface,
- bool secure, const UidRanges& uidRanges) {
- return modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_DEL,
+ bool secure, const UidRangeMap& uidRangeMap) {
+ return modifyVirtualNetwork(netId, interface, uidRangeMap, secure, ACTION_DEL,
!MODIFY_NON_UID_BASED_RULES);
}
@@ -1297,23 +1321,24 @@
}
int RouteController::addUsersToPhysicalNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges) {
- return modifyPhysicalNetwork(netId, interface, uidRanges, PERMISSION_NONE, ACTION_ADD,
+ const UidRangeMap& uidRangeMap) {
+ return modifyPhysicalNetwork(netId, interface, uidRangeMap, PERMISSION_NONE, ACTION_ADD,
!MODIFY_NON_UID_BASED_RULES);
}
int RouteController::removeUsersFromPhysicalNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges) {
- return modifyPhysicalNetwork(netId, interface, uidRanges, PERMISSION_NONE, ACTION_DEL,
+ const UidRangeMap& uidRangeMap) {
+ return modifyPhysicalNetwork(netId, interface, uidRangeMap, PERMISSION_NONE, ACTION_DEL,
!MODIFY_NON_UID_BASED_RULES);
}
-int RouteController::addUsersToUnreachableNetwork(unsigned netId, const UidRanges& uidRanges) {
- return modifyUnreachableNetwork(netId, uidRanges, ACTION_ADD);
+int RouteController::addUsersToUnreachableNetwork(unsigned netId, const UidRangeMap& uidRangeMap) {
+ return modifyUnreachableNetwork(netId, uidRangeMap, ACTION_ADD);
}
-int RouteController::removeUsersFromUnreachableNetwork(unsigned netId, const UidRanges& uidRanges) {
- return modifyUnreachableNetwork(netId, uidRanges, ACTION_DEL);
+int RouteController::removeUsersFromUnreachableNetwork(unsigned netId,
+ const UidRangeMap& uidRangeMap) {
+ return modifyUnreachableNetwork(netId, uidRangeMap, ACTION_DEL);
}
// Protects sInterfaceToTable.
diff --git a/server/RouteController.h b/server/RouteController.h
index 7f1f960..38d2d62 100644
--- a/server/RouteController.h
+++ b/server/RouteController.h
@@ -17,6 +17,7 @@
#pragma once
#include "NetdConstants.h" // IptablesTarget
+#include "Network.h" // UidRangeMap
#include "Permission.h"
#include <android-base/thread_annotations.h>
@@ -107,26 +108,28 @@
[[nodiscard]] static int addInterfaceToPhysicalNetwork(unsigned netId, const char* interface,
Permission permission,
- const UidRanges& uidRanges);
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int removeInterfaceFromPhysicalNetwork(unsigned netId,
const char* interface,
Permission permission,
- const UidRanges& uidRanges);
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int addInterfaceToVirtualNetwork(unsigned netId, const char* interface,
- bool secure, const UidRanges& uidRanges);
+ bool secure,
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int removeInterfaceFromVirtualNetwork(unsigned netId,
const char* interface, bool secure,
- const UidRanges& uidRanges);
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int modifyPhysicalNetworkPermission(unsigned netId, const char* interface,
Permission oldPermission,
Permission newPermission);
[[nodiscard]] static int addUsersToVirtualNetwork(unsigned netId, const char* interface,
- bool secure, const UidRanges& uidRanges);
+ bool secure, const UidRangeMap& uidRangeMap);
[[nodiscard]] static int removeUsersFromVirtualNetwork(unsigned netId, const char* interface,
- bool secure, const UidRanges& uidRanges);
+ bool secure,
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int addUsersToRejectNonSecureNetworkRule(const UidRanges& uidRanges);
[[nodiscard]] static int removeUsersFromRejectNonSecureNetworkRule(const UidRanges& uidRanges);
@@ -158,16 +161,16 @@
Permission permission);
[[nodiscard]] static int addUsersToPhysicalNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges);
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int removeUsersFromPhysicalNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges);
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int addUsersToUnreachableNetwork(unsigned netId,
- const UidRanges& uidRanges);
+ const UidRangeMap& uidRangeMap);
[[nodiscard]] static int removeUsersFromUnreachableNetwork(unsigned netId,
- const UidRanges& uidRanges);
+ const UidRangeMap& uidRangeMap);
// For testing.
static int (*iptablesRestoreCommandFunction)(IptablesTarget, const std::string&,
@@ -187,9 +190,9 @@
static uint32_t getRouteTableForInterface(const char *interface) EXCLUDES(sInterfaceToTableLock);
static int modifyDefaultNetwork(uint16_t action, const char* interface, Permission permission);
static int modifyPhysicalNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges, Permission permission, bool add,
- bool modifyNonUidBasedRules);
- static int modifyUnreachableNetwork(unsigned netId, const UidRanges& uidRanges, bool add);
+ const UidRangeMap& uidRangeMap, Permission permission,
+ bool add, bool modifyNonUidBasedRules);
+ static int modifyUnreachableNetwork(unsigned netId, const UidRangeMap& uidRangeMap, bool add);
static int modifyRoute(uint16_t action, uint16_t flags, const char* interface,
const char* destination, const char* nexthop, TableType tableType,
int mtu);
@@ -198,7 +201,7 @@
static int modifyVpnFallthroughRule(uint16_t action, unsigned vpnNetId,
const char* physicalInterface, Permission permission);
static int modifyVirtualNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges, bool secure, bool add,
+ const UidRangeMap& uidRangeMap, bool secure, bool add,
bool modifyNonUidBasedRules);
static void updateTableNamesFile() EXCLUDES(sInterfaceToTableLock);
};
diff --git a/server/UidRanges.cpp b/server/UidRanges.cpp
index 5b4f59f..093a1e2 100644
--- a/server/UidRanges.cpp
+++ b/server/UidRanges.cpp
@@ -155,7 +155,7 @@
}
std::string UidRanges::toString() const {
- std::string s("UidRanges{ ");
+ std::string s("uids{ ");
for (const auto &range : mRanges) {
if (length(range) == 0) {
StringAppendF(&s, "<BAD: %u-%u> ", range.start, range.stop);
diff --git a/server/UidRanges.h b/server/UidRanges.h
index f322390..99e7a99 100644
--- a/server/UidRanges.h
+++ b/server/UidRanges.h
@@ -28,6 +28,9 @@
class UidRanges {
public:
+ static constexpr int DEFAULT_SUB_PRIORITY = 0;
+ static constexpr int LOWEST_SUB_PRIORITY = 999;
+
UidRanges() {}
UidRanges(const std::vector<android::net::UidRangeParcel>& ranges);
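Review bot: `DEFAULT_SUB_PRIORITY` and `LOWEST_SUB_PRIORITY` are declared `int`, but every consumer in this change carries the sub-priority as `uint32_t`, so each comparison and addition mixes signedness. In `UnreachableNetwork::isValidSubPriority` (UnreachableNetwork.cpp) the lower-bound test `priority >= UidRanges::DEFAULT_SUB_PRIORITY` is then always true and only the upper bound does any work. Declaring them as `static constexpr uint32_t DEFAULT_SUB_PRIORITY = 0;` and `static constexpr uint32_t LOWEST_SUB_PRIORITY = 999;` keeps the types consistent. A one-line comment saying whether a lower number means higher precedence (the name LOWEST suggests so, to be confirmed) would also help readers of the rule-priority arithmetic.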
@@ -44,6 +47,7 @@
bool overlapsSelf() const;
// check if this object has uid overlap with the input object.
bool overlaps(const UidRanges& other) const;
+ bool empty() const { return mRanges.empty(); }
private:
// a utility to check if two UidRangeParcels have uid overlap.
diff --git a/server/UnreachableNetwork.cpp b/server/UnreachableNetwork.cpp
index b17c998..2f801f0 100644
--- a/server/UnreachableNetwork.cpp
+++ b/server/UnreachableNetwork.cpp
@@ -26,29 +26,37 @@
// The unreachable network is used to reject traffic. It is used for system purposes only.
UnreachableNetwork::UnreachableNetwork(unsigned netId) : Network(netId) {}
-int UnreachableNetwork::addUsers(const UidRanges& uidRanges) {
- if (hasInvalidUidRanges(uidRanges)) {
+int UnreachableNetwork::addUsers(const UidRanges& uidRanges, uint32_t subPriority) {
+ if (!isValidSubPriority(subPriority) || !canAddUidRanges(uidRanges, subPriority)) {
return -EINVAL;
}
- int ret = RouteController::addUsersToUnreachableNetwork(mNetId, uidRanges);
+ int ret = RouteController::addUsersToUnreachableNetwork(mNetId, {{subPriority, uidRanges}});
if (ret) {
ALOGE("failed to add users to unreachable network");
return ret;
}
- mUidRanges.add(uidRanges);
+ addToUidRangeMap(uidRanges, subPriority);
return 0;
}
-int UnreachableNetwork::removeUsers(const UidRanges& uidRanges) {
- int ret = RouteController::removeUsersFromUnreachableNetwork(mNetId, uidRanges);
+int UnreachableNetwork::removeUsers(const UidRanges& uidRanges, uint32_t subPriority) {
+ if (!isValidSubPriority(subPriority)) return -EINVAL;
+
+ int ret =
+ RouteController::removeUsersFromUnreachableNetwork(mNetId, {{subPriority, uidRanges}});
if (ret) {
ALOGE("failed to remove users from unreachable network");
return ret;
}
- mUidRanges.remove(uidRanges);
+ removeFromUidRangeMap(uidRanges, subPriority);
return 0;
}
+bool UnreachableNetwork::isValidSubPriority(uint32_t priority) {
+ return priority >= UidRanges::DEFAULT_SUB_PRIORITY &&
+ priority <= UidRanges::LOWEST_SUB_PRIORITY;
+}
+
} // namespace net
} // namespace android
diff --git a/server/UnreachableNetwork.h b/server/UnreachableNetwork.h
index a80f3f3..f1547d6 100644
--- a/server/UnreachableNetwork.h
+++ b/server/UnreachableNetwork.h
@@ -23,13 +23,14 @@
class UnreachableNetwork : public Network {
public:
explicit UnreachableNetwork(unsigned netId);
- [[nodiscard]] int addUsers(const UidRanges& uidRanges) override;
- [[nodiscard]] int removeUsers(const UidRanges& uidRanges) override;
+ [[nodiscard]] int addUsers(const UidRanges& uidRanges, uint32_t subPriority) override;
+ [[nodiscard]] int removeUsers(const UidRanges& uidRanges, uint32_t subPriority) override;
bool isUnreachable() override { return true; }
bool canAddUsers() override { return true; }
private:
std::string getTypeString() const override { return "UNREACHABLE"; };
+ bool isValidSubPriority(uint32_t priority) override;
};
} // namespace android::net
\ No newline at end of file
diff --git a/server/VirtualNetwork.cpp b/server/VirtualNetwork.cpp
index 93f4c3e..1906e20 100644
--- a/server/VirtualNetwork.cpp
+++ b/server/VirtualNetwork.cpp
@@ -31,33 +31,35 @@
VirtualNetwork::~VirtualNetwork() {}
-int VirtualNetwork::addUsers(const UidRanges& uidRanges) {
- if (hasInvalidUidRanges(uidRanges)) {
+int VirtualNetwork::addUsers(const UidRanges& uidRanges, uint32_t subPriority) {
+ if (!isValidSubPriority(subPriority) || !canAddUidRanges(uidRanges, subPriority)) {
return -EINVAL;
}
for (const std::string& interface : mInterfaces) {
int ret = RouteController::addUsersToVirtualNetwork(mNetId, interface.c_str(), mSecure,
- uidRanges);
+ {{subPriority, uidRanges}});
if (ret) {
ALOGE("failed to add users on interface %s of netId %u", interface.c_str(), mNetId);
return ret;
}
}
- mUidRanges.add(uidRanges);
+ addToUidRangeMap(uidRanges, subPriority);
return 0;
}
-int VirtualNetwork::removeUsers(const UidRanges& uidRanges) {
+int VirtualNetwork::removeUsers(const UidRanges& uidRanges, uint32_t subPriority) {
+ if (!isValidSubPriority(subPriority)) return -EINVAL;
+
for (const std::string& interface : mInterfaces) {
int ret = RouteController::removeUsersFromVirtualNetwork(mNetId, interface.c_str(), mSecure,
- uidRanges);
+ {{subPriority, uidRanges}});
if (ret) {
ALOGE("failed to remove users on interface %s of netId %u", interface.c_str(), mNetId);
return ret;
}
}
- mUidRanges.remove(uidRanges);
+ removeFromUidRangeMap(uidRanges, subPriority);
return 0;
}
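Review bot: In `addUsers`, a failure on a later interface returns before `addToUidRangeMap` runs, so the rules already installed for earlier interfaces stay in the kernel while `mUidRangeMap` does not record them. `removeInterface` later passes `mUidRangeMap` to `RouteController::removeInterfaceFromVirtualNetwork`, so those rules would presumably not be cleaned up and the affected UIDs keep being routed by rules the object no longer tracks. The early return predates this commit, but the function is being reworked here, so a best-effort rollback fits; `removeUsers` has the mirror-image problem and deserves at least a comment.

```cpp
int VirtualNetwork::addUsers(const UidRanges& uidRanges, uint32_t subPriority) {
    // … unchanged: validation, loop over mInterfaces, addUsersToVirtualNetwork call, ALOGE …
        if (ret) {
            // Best-effort rollback: undo the interfaces handled before the failing one so the
            // installed rules keep matching mUidRangeMap.
            for (const std::string& done : mInterfaces) {
                if (done == interface) break;
                if (RouteController::removeUsersFromVirtualNetwork(mNetId, done.c_str(), mSecure,
                                                                   {{subPriority, uidRanges}})) {
                    ALOGE("failed to roll back users on interface %s of netId %u", done.c_str(),
                          mNetId);
                }
            }
            return ret;
        }
    // … unchanged: addToUidRangeMap(uidRanges, subPriority); return 0; …
```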
@@ -66,7 +68,7 @@
return 0;
}
if (int ret = RouteController::addInterfaceToVirtualNetwork(mNetId, interface.c_str(), mSecure,
- mUidRanges)) {
+ mUidRangeMap)) {
ALOGE("failed to add interface %s to VPN netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -79,7 +81,7 @@
return 0;
}
if (int ret = RouteController::removeInterfaceFromVirtualNetwork(mNetId, interface.c_str(),
- mSecure, mUidRanges)) {
+ mSecure, mUidRangeMap)) {
ALOGE("failed to remove interface %s from VPN netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -87,5 +89,10 @@
return 0;
}
+bool VirtualNetwork::isValidSubPriority(uint32_t priority) {
+ // Only supports default subsidiary permissions.
+ return priority == UidRanges::DEFAULT_SUB_PRIORITY;
+}
+
} // namespace net
} // namespace android
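Review bot: The comment in `VirtualNetwork::isValidSubPriority` says "subsidiary permissions", but the value checked is a sub-priority, not a permission; in code that also has a `Permission` type this reads as a different concept. Suggested wording: `// Virtual networks only accept UidRanges::DEFAULT_SUB_PRIORITY.` The reason for the restriction is not visible in this diff, so a short clause explaining it would be worth adding as well.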
diff --git a/server/VirtualNetwork.h b/server/VirtualNetwork.h
index ebda7da..20c9e2c 100644
--- a/server/VirtualNetwork.h
+++ b/server/VirtualNetwork.h
@@ -33,8 +33,8 @@
public:
VirtualNetwork(unsigned netId, bool secure);
virtual ~VirtualNetwork();
- [[nodiscard]] int addUsers(const UidRanges& uidRanges) override;
- [[nodiscard]] int removeUsers(const UidRanges& uidRanges) override;
+ [[nodiscard]] int addUsers(const UidRanges& uidRanges, uint32_t subPriority) override;
+ [[nodiscard]] int removeUsers(const UidRanges& uidRanges, uint32_t subPriority) override;
bool isVirtual() override { return true; }
bool canAddUsers() override { return true; }
@@ -42,6 +42,7 @@
std::string getTypeString() const override { return "VIRTUAL"; };
[[nodiscard]] int addInterface(const std::string& interface) override;
[[nodiscard]] int removeInterface(const std::string& interface) override;
+ bool isValidSubPriority(uint32_t priority) override;
};
} // namespace android::net
diff --git a/server/aidl_api/netd_aidl_interface/1/.hash b/server/aidl_api/netd_aidl_interface/1/.hash
deleted file mode 100644
index d33e903..0000000
--- a/server/aidl_api/netd_aidl_interface/1/.hash
+++ /dev/null
@@ -1 +0,0 @@
-69c2ac134efbb31e9591d7e5c3640fb839e23bdb
diff --git a/server/aidl_api/netd_aidl_interface/1/android/net/INetd.aidl b/server/aidl_api/netd_aidl_interface/1/android/net/INetd.aidl
deleted file mode 100644
index 664c643..0000000
--- a/server/aidl_api/netd_aidl_interface/1/android/net/INetd.aidl
+++ /dev/null
@@ -1,132 +0,0 @@
-package android.net;
-interface INetd {
- boolean isAlive();
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName, boolean isWhitelist, in int[] uids);
- boolean bandwidthEnableDataSaver(boolean enable);
- void networkCreatePhysical(int netId, int permission);
- void networkCreateVpn(int netId, boolean secure);
- void networkDestroy(int netId);
- void networkAddInterface(int netId, in @utf8InCpp String iface);
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
- void networkAddUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRemoveUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRejectNonSecureVpn(boolean add, in android.net.UidRangeParcel[] uidRanges);
- void socketDestroy(in android.net.UidRangeParcel[] uidRanges, in int[] exemptUids);
- boolean tetherApplyDnsInterfaces();
- android.net.TetherStatsParcel[] tetherGetStats();
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value);
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
- int ipSecAllocateSpi(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecAddSecurityAssociation(int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort, int interfaceId);
- void ipSecDeleteSecurityAssociation(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecApplyTransportModeTransform(in ParcelFileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecRemoveTransportModeTransform(in ParcelFileDescriptor socket);
- void ipSecAddSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecUpdateSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecDeleteSecurityPolicy(int transformId, int selAddrFamily, int direction, int markValue, int markMask, int interfaceId);
- void ipSecAddTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecUpdateTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
- void idletimerAddInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void idletimerRemoveInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void strictUidCleartextPenalty(int uid, int policyPenalty);
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
- void clatdStop(in @utf8InCpp String ifName);
- boolean ipfwdEnabled();
- @utf8InCpp String[] ipfwdGetRequesterList();
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
- void bandwidthSetGlobalAlert(long bytes);
- void bandwidthAddNaughtyApp(int uid);
- void bandwidthRemoveNaughtyApp(int uid);
- void bandwidthAddNiceApp(int uid);
- void bandwidthRemoveNiceApp(int uid);
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
- void tetherStop();
- boolean tetherIsEnabled();
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
- @utf8InCpp String[] tetherInterfaceList();
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
- @utf8InCpp String[] tetherDnsList();
- void networkAddRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkRemoveRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkAddLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- void networkRemoveLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- int networkGetDefault();
- void networkSetDefault(int netId);
- void networkClearDefault();
- void networkSetPermissionForNetwork(int netId, int permission);
- void networkSetPermissionForUser(int permission, in int[] uids);
- void networkClearPermissionForUser(in int[] uids);
- void trafficSetNetPermForUids(int permission, in int[] uids);
- void networkSetProtectAllow(int uid);
- void networkSetProtectDeny(int uid);
- boolean networkCanProtect(int uid);
- void firewallSetFirewallType(int firewalltype);
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
- void firewallEnableChildChain(int childChain, boolean enable);
- @utf8InCpp String[] interfaceGetList();
- android.net.InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
- void interfaceSetCfg(in android.net.InterfaceConfigurationParcel cfg);
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
- void interfaceClearAddrs(in @utf8InCpp String ifName);
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
- void registerUnsolicitedEventListener(android.net.INetdUnsolicitedEventListener listener);
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
- const int LOCAL_NET_ID = 99;
- const String NEXTHOP_NONE = "";
- const String NEXTHOP_UNREACHABLE = "unreachable";
- const String NEXTHOP_THROW = "throw";
- const int PERMISSION_NONE = 0;
- const int PERMISSION_NETWORK = 1;
- const int PERMISSION_SYSTEM = 2;
- const int NO_PERMISSIONS = 0;
- const int PERMISSION_INTERNET = 4;
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
- const int PERMISSION_UNINSTALLED = -1;
- const int FIREWALL_WHITELIST = 0;
- const int FIREWALL_BLACKLIST = 1;
- const int FIREWALL_RULE_ALLOW = 1;
- const int FIREWALL_RULE_DENY = 2;
- const int FIREWALL_CHAIN_NONE = 0;
- const int FIREWALL_CHAIN_DOZABLE = 1;
- const int FIREWALL_CHAIN_STANDBY = 2;
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-}
diff --git a/server/aidl_api/netd_aidl_interface/1/android/net/INetdUnsolicitedEventListener.aidl b/server/aidl_api/netd_aidl_interface/1/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 18631ff..0000000
--- a/server/aidl_api/netd_aidl_interface/1/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,14 +0,0 @@
-package android.net;
-interface INetdUnsolicitedEventListener {
- oneway void onInterfaceClassActivityChanged(boolean isActive, int timerLabel, long timestampNs, int uid);
- oneway void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
- oneway void onInterfaceDnsServerInfo(@utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
- oneway void onInterfaceAddressUpdated(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAddressRemoved(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAdded(@utf8InCpp String ifName);
- oneway void onInterfaceRemoved(@utf8InCpp String ifName);
- oneway void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
- oneway void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
- oneway void onRouteChanged(boolean updated, @utf8InCpp String route, @utf8InCpp String gateway, @utf8InCpp String ifName);
- oneway void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/aidl_api/netd_aidl_interface/1/android/net/InterfaceConfigurationParcel.aidl b/server/aidl_api/netd_aidl_interface/1/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index 93407dc..0000000
--- a/server/aidl_api/netd_aidl_interface/1/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,8 +0,0 @@
-package android.net;
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- @utf8InCpp String[] flags;
-}
diff --git a/server/aidl_api/netd_aidl_interface/1/android/net/TetherStatsParcel.aidl b/server/aidl_api/netd_aidl_interface/1/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index d1782bb..0000000
--- a/server/aidl_api/netd_aidl_interface/1/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,8 +0,0 @@
-package android.net;
-parcelable TetherStatsParcel {
- @utf8InCpp String iface;
- long rxBytes;
- long rxPackets;
- long txBytes;
- long txPackets;
-}
diff --git a/server/aidl_api/netd_aidl_interface/1/android/net/UidRangeParcel.aidl b/server/aidl_api/netd_aidl_interface/1/android/net/UidRangeParcel.aidl
deleted file mode 100644
index d3bc7ed..0000000
--- a/server/aidl_api/netd_aidl_interface/1/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,5 +0,0 @@
-package android.net;
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/aidl_api/netd_aidl_interface/2/.hash b/server/aidl_api/netd_aidl_interface/2/.hash
deleted file mode 100644
index 5fc5b2d..0000000
--- a/server/aidl_api/netd_aidl_interface/2/.hash
+++ /dev/null
@@ -1 +0,0 @@
-e395d63302c47e7d2dac0d503045779029ff598b
diff --git a/server/aidl_api/netd_aidl_interface/2/android/net/INetd.aidl b/server/aidl_api/netd_aidl_interface/2/android/net/INetd.aidl
deleted file mode 100644
index 0e2d5f4..0000000
--- a/server/aidl_api/netd_aidl_interface/2/android/net/INetd.aidl
+++ /dev/null
@@ -1,153 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a frozen snapshot of an AIDL interface (or parcelable). Do not
-// try to edit this file. It looks like you are doing that because you have
-// modified an AIDL interface in a backward-incompatible way, e.g., deleting a
-// function from an interface or a field from a parcelable and it broke the
-// build. That breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-interface INetd {
- boolean isAlive();
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName, boolean isWhitelist, in int[] uids);
- boolean bandwidthEnableDataSaver(boolean enable);
- void networkCreatePhysical(int netId, int permission);
- void networkCreateVpn(int netId, boolean secure);
- void networkDestroy(int netId);
- void networkAddInterface(int netId, in @utf8InCpp String iface);
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
- void networkAddUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRemoveUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRejectNonSecureVpn(boolean add, in android.net.UidRangeParcel[] uidRanges);
- void socketDestroy(in android.net.UidRangeParcel[] uidRanges, in int[] exemptUids);
- boolean tetherApplyDnsInterfaces();
- android.net.TetherStatsParcel[] tetherGetStats();
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value);
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
- int ipSecAllocateSpi(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecAddSecurityAssociation(int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort, int interfaceId);
- void ipSecDeleteSecurityAssociation(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecApplyTransportModeTransform(in ParcelFileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecRemoveTransportModeTransform(in ParcelFileDescriptor socket);
- void ipSecAddSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecUpdateSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecDeleteSecurityPolicy(int transformId, int selAddrFamily, int direction, int markValue, int markMask, int interfaceId);
- void ipSecAddTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecUpdateTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
- void idletimerAddInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void idletimerRemoveInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void strictUidCleartextPenalty(int uid, int policyPenalty);
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
- void clatdStop(in @utf8InCpp String ifName);
- boolean ipfwdEnabled();
- @utf8InCpp String[] ipfwdGetRequesterList();
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
- void bandwidthSetGlobalAlert(long bytes);
- void bandwidthAddNaughtyApp(int uid);
- void bandwidthRemoveNaughtyApp(int uid);
- void bandwidthAddNiceApp(int uid);
- void bandwidthRemoveNiceApp(int uid);
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
- void tetherStop();
- boolean tetherIsEnabled();
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
- @utf8InCpp String[] tetherInterfaceList();
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
- @utf8InCpp String[] tetherDnsList();
- void networkAddRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkRemoveRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkAddLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- void networkRemoveLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- int networkGetDefault();
- void networkSetDefault(int netId);
- void networkClearDefault();
- void networkSetPermissionForNetwork(int netId, int permission);
- void networkSetPermissionForUser(int permission, in int[] uids);
- void networkClearPermissionForUser(in int[] uids);
- void trafficSetNetPermForUids(int permission, in int[] uids);
- void networkSetProtectAllow(int uid);
- void networkSetProtectDeny(int uid);
- boolean networkCanProtect(int uid);
- void firewallSetFirewallType(int firewalltype);
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
- void firewallEnableChildChain(int childChain, boolean enable);
- @utf8InCpp String[] interfaceGetList();
- android.net.InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
- void interfaceSetCfg(in android.net.InterfaceConfigurationParcel cfg);
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
- void interfaceClearAddrs(in @utf8InCpp String ifName);
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
- void registerUnsolicitedEventListener(android.net.INetdUnsolicitedEventListener listener);
- void firewallAddUidInterfaceRules(in @utf8InCpp String ifName, in int[] uids);
- void firewallRemoveUidInterfaceRules(in int[] uids);
- void trafficSwapActiveStatsMap();
- IBinder getOemNetd();
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
- const int LOCAL_NET_ID = 99;
- const String NEXTHOP_NONE = "";
- const String NEXTHOP_UNREACHABLE = "unreachable";
- const String NEXTHOP_THROW = "throw";
- const int PERMISSION_NONE = 0;
- const int PERMISSION_NETWORK = 1;
- const int PERMISSION_SYSTEM = 2;
- const int NO_PERMISSIONS = 0;
- const int PERMISSION_INTERNET = 4;
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
- const int PERMISSION_UNINSTALLED = -1;
- const int FIREWALL_WHITELIST = 0;
- const int FIREWALL_BLACKLIST = 1;
- const int FIREWALL_RULE_ALLOW = 1;
- const int FIREWALL_RULE_DENY = 2;
- const int FIREWALL_CHAIN_NONE = 0;
- const int FIREWALL_CHAIN_DOZABLE = 1;
- const int FIREWALL_CHAIN_STANDBY = 2;
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-}
diff --git a/server/aidl_api/netd_aidl_interface/2/android/net/INetdUnsolicitedEventListener.aidl b/server/aidl_api/netd_aidl_interface/2/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 621f1cf..0000000
--- a/server/aidl_api/netd_aidl_interface/2/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,31 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a frozen snapshot of an AIDL interface (or parcelable). Do not
-// try to edit this file. It looks like you are doing that because you have
-// modified an AIDL interface in a backward-incompatible way, e.g., deleting a
-// function from an interface or a field from a parcelable and it broke the
-// build. That breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-interface INetdUnsolicitedEventListener {
- oneway void onInterfaceClassActivityChanged(boolean isActive, int timerLabel, long timestampNs, int uid);
- oneway void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
- oneway void onInterfaceDnsServerInfo(@utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
- oneway void onInterfaceAddressUpdated(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAddressRemoved(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAdded(@utf8InCpp String ifName);
- oneway void onInterfaceRemoved(@utf8InCpp String ifName);
- oneway void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
- oneway void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
- oneway void onRouteChanged(boolean updated, @utf8InCpp String route, @utf8InCpp String gateway, @utf8InCpp String ifName);
- oneway void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/aidl_api/netd_aidl_interface/2/android/net/InterfaceConfigurationParcel.aidl b/server/aidl_api/netd_aidl_interface/2/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index 18de61f..0000000
--- a/server/aidl_api/netd_aidl_interface/2/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,25 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a frozen snapshot of an AIDL interface (or parcelable). Do not
-// try to edit this file. It looks like you are doing that because you have
-// modified an AIDL interface in a backward-incompatible way, e.g., deleting a
-// function from an interface or a field from a parcelable and it broke the
-// build. That breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- @utf8InCpp String[] flags;
-}
diff --git a/server/aidl_api/netd_aidl_interface/2/android/net/TetherStatsParcel.aidl b/server/aidl_api/netd_aidl_interface/2/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index c0ba676..0000000
--- a/server/aidl_api/netd_aidl_interface/2/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,25 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a frozen snapshot of an AIDL interface (or parcelable). Do not
-// try to edit this file. It looks like you are doing that because you have
-// modified an AIDL interface in a backward-incompatible way, e.g., deleting a
-// function from an interface or a field from a parcelable and it broke the
-// build. That breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable TetherStatsParcel {
- @utf8InCpp String iface;
- long rxBytes;
- long rxPackets;
- long txBytes;
- long txPackets;
-}
diff --git a/server/aidl_api/netd_aidl_interface/2/android/net/UidRangeParcel.aidl b/server/aidl_api/netd_aidl_interface/2/android/net/UidRangeParcel.aidl
deleted file mode 100644
index c2c35db..0000000
--- a/server/aidl_api/netd_aidl_interface/2/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,22 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a frozen snapshot of an AIDL interface (or parcelable). Do not
-// try to edit this file. It looks like you are doing that because you have
-// modified an AIDL interface in a backward-incompatible way, e.g., deleting a
-// function from an interface or a field from a parcelable and it broke the
-// build. That breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/.hash b/server/aidl_api/netd_aidl_interface/3/.hash
deleted file mode 100644
index 59cf708..0000000
--- a/server/aidl_api/netd_aidl_interface/3/.hash
+++ /dev/null
@@ -1 +0,0 @@
-e17c1f9b2068b539b22e3a4a447edea3c80aee4b
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/INetd.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/INetd.aidl
deleted file mode 100644
index 135b738..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/INetd.aidl
+++ /dev/null
@@ -1,161 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetd {
- boolean isAlive();
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName, boolean isWhitelist, in int[] uids);
- boolean bandwidthEnableDataSaver(boolean enable);
- void networkCreatePhysical(int netId, int permission);
- void networkCreateVpn(int netId, boolean secure);
- void networkDestroy(int netId);
- void networkAddInterface(int netId, in @utf8InCpp String iface);
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
- void networkAddUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRemoveUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRejectNonSecureVpn(boolean add, in android.net.UidRangeParcel[] uidRanges);
- void socketDestroy(in android.net.UidRangeParcel[] uidRanges, in int[] exemptUids);
- boolean tetherApplyDnsInterfaces();
- android.net.TetherStatsParcel[] tetherGetStats();
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value);
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
- int ipSecAllocateSpi(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecAddSecurityAssociation(int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort, int interfaceId);
- void ipSecDeleteSecurityAssociation(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecApplyTransportModeTransform(in ParcelFileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecRemoveTransportModeTransform(in ParcelFileDescriptor socket);
- void ipSecAddSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecUpdateSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecDeleteSecurityPolicy(int transformId, int selAddrFamily, int direction, int markValue, int markMask, int interfaceId);
- void ipSecAddTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecUpdateTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
- void idletimerAddInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void idletimerRemoveInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void strictUidCleartextPenalty(int uid, int policyPenalty);
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
- void clatdStop(in @utf8InCpp String ifName);
- boolean ipfwdEnabled();
- @utf8InCpp String[] ipfwdGetRequesterList();
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
- void bandwidthSetGlobalAlert(long bytes);
- void bandwidthAddNaughtyApp(int uid);
- void bandwidthRemoveNaughtyApp(int uid);
- void bandwidthAddNiceApp(int uid);
- void bandwidthRemoveNiceApp(int uid);
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
- void tetherStop();
- boolean tetherIsEnabled();
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
- @utf8InCpp String[] tetherInterfaceList();
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
- @utf8InCpp String[] tetherDnsList();
- void networkAddRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkRemoveRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkAddLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- void networkRemoveLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- int networkGetDefault();
- void networkSetDefault(int netId);
- void networkClearDefault();
- void networkSetPermissionForNetwork(int netId, int permission);
- void networkSetPermissionForUser(int permission, in int[] uids);
- void networkClearPermissionForUser(in int[] uids);
- void trafficSetNetPermForUids(int permission, in int[] uids);
- void networkSetProtectAllow(int uid);
- void networkSetProtectDeny(int uid);
- boolean networkCanProtect(int uid);
- void firewallSetFirewallType(int firewalltype);
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
- void firewallEnableChildChain(int childChain, boolean enable);
- @utf8InCpp String[] interfaceGetList();
- android.net.InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
- void interfaceSetCfg(in android.net.InterfaceConfigurationParcel cfg);
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
- void interfaceClearAddrs(in @utf8InCpp String ifName);
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
- void registerUnsolicitedEventListener(android.net.INetdUnsolicitedEventListener listener);
- void firewallAddUidInterfaceRules(in @utf8InCpp String ifName, in int[] uids);
- void firewallRemoveUidInterfaceRules(in int[] uids);
- void trafficSwapActiveStatsMap();
- IBinder getOemNetd();
- void tetherStartWithConfiguration(in android.net.TetherConfigParcel config);
- android.net.MarkMaskParcel getFwmarkForNetwork(int netId);
- void networkAddRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkUpdateRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkRemoveRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void tetherOffloadRuleAdd(in android.net.TetherOffloadRuleParcel rule);
- void tetherOffloadRuleRemove(in android.net.TetherOffloadRuleParcel rule);
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
- const int LOCAL_NET_ID = 99;
- const String NEXTHOP_NONE = "";
- const String NEXTHOP_UNREACHABLE = "unreachable";
- const String NEXTHOP_THROW = "throw";
- const int PERMISSION_NONE = 0;
- const int PERMISSION_NETWORK = 1;
- const int PERMISSION_SYSTEM = 2;
- const int NO_PERMISSIONS = 0;
- const int PERMISSION_INTERNET = 4;
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
- const int PERMISSION_UNINSTALLED = -1;
- const int FIREWALL_WHITELIST = 0;
- const int FIREWALL_BLACKLIST = 1;
- const int FIREWALL_RULE_ALLOW = 1;
- const int FIREWALL_RULE_DENY = 2;
- const int FIREWALL_CHAIN_NONE = 0;
- const int FIREWALL_CHAIN_DOZABLE = 1;
- const int FIREWALL_CHAIN_STANDBY = 2;
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/INetdUnsolicitedEventListener.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 4459363..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,32 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetdUnsolicitedEventListener {
- oneway void onInterfaceClassActivityChanged(boolean isActive, int timerLabel, long timestampNs, int uid);
- oneway void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
- oneway void onInterfaceDnsServerInfo(@utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
- oneway void onInterfaceAddressUpdated(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAddressRemoved(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAdded(@utf8InCpp String ifName);
- oneway void onInterfaceRemoved(@utf8InCpp String ifName);
- oneway void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
- oneway void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
- oneway void onRouteChanged(boolean updated, @utf8InCpp String route, @utf8InCpp String gateway, @utf8InCpp String ifName);
- oneway void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/InterfaceConfigurationParcel.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index 01e0f95..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,26 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- @utf8InCpp String[] flags;
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/MarkMaskParcel.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/MarkMaskParcel.aidl
deleted file mode 100644
index 62be838..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/MarkMaskParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable MarkMaskParcel {
- int mark;
- int mask;
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/RouteInfoParcel.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/RouteInfoParcel.aidl
deleted file mode 100644
index 5e0ee62..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/RouteInfoParcel.aidl
+++ /dev/null
@@ -1,24 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable RouteInfoParcel {
- @utf8InCpp String destination;
- @utf8InCpp String ifName;
- @utf8InCpp String nextHop;
- int mtu;
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/TetherConfigParcel.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/TetherConfigParcel.aidl
deleted file mode 100644
index b136454..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/TetherConfigParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherConfigParcel {
- boolean usingLegacyDnsProxy;
- @utf8InCpp String[] dhcpRanges;
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/TetherOffloadRuleParcel.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/TetherOffloadRuleParcel.aidl
deleted file mode 100644
index 3abf0f8..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/TetherOffloadRuleParcel.aidl
+++ /dev/null
@@ -1,27 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherOffloadRuleParcel {
- int inputInterfaceIndex;
- int outputInterfaceIndex;
- byte[] destination;
- int prefixLength;
- byte[] srcL2Address;
- byte[] dstL2Address;
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/TetherStatsParcel.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index 71ffb9b..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,26 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherStatsParcel {
- @utf8InCpp String iface;
- long rxBytes;
- long rxPackets;
- long txBytes;
- long txPackets;
-}
diff --git a/server/aidl_api/netd_aidl_interface/3/android/net/UidRangeParcel.aidl b/server/aidl_api/netd_aidl_interface/3/android/net/UidRangeParcel.aidl
deleted file mode 100644
index 84ff457..0000000
--- a/server/aidl_api/netd_aidl_interface/3/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/.hash b/server/aidl_api/netd_aidl_interface/4/.hash
deleted file mode 100644
index 0c3f810..0000000
--- a/server/aidl_api/netd_aidl_interface/4/.hash
+++ /dev/null
@@ -1 +0,0 @@
-63adaa5098e4d8621e90c5a84f7cb93505c79311
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/INetd.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/INetd.aidl
deleted file mode 100644
index 47e2931..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/INetd.aidl
+++ /dev/null
@@ -1,164 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetd {
- boolean isAlive();
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName, boolean isWhitelist, in int[] uids);
- boolean bandwidthEnableDataSaver(boolean enable);
- void networkCreatePhysical(int netId, int permission);
- void networkCreateVpn(int netId, boolean secure);
- void networkDestroy(int netId);
- void networkAddInterface(int netId, in @utf8InCpp String iface);
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
- void networkAddUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRemoveUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRejectNonSecureVpn(boolean add, in android.net.UidRangeParcel[] uidRanges);
- void socketDestroy(in android.net.UidRangeParcel[] uidRanges, in int[] exemptUids);
- boolean tetherApplyDnsInterfaces();
- android.net.TetherStatsParcel[] tetherGetStats();
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value);
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
- int ipSecAllocateSpi(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecAddSecurityAssociation(int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort, int interfaceId);
- void ipSecDeleteSecurityAssociation(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecApplyTransportModeTransform(in ParcelFileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecRemoveTransportModeTransform(in ParcelFileDescriptor socket);
- void ipSecAddSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecUpdateSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecDeleteSecurityPolicy(int transformId, int selAddrFamily, int direction, int markValue, int markMask, int interfaceId);
- void ipSecAddTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecUpdateTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
- void idletimerAddInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void idletimerRemoveInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void strictUidCleartextPenalty(int uid, int policyPenalty);
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
- void clatdStop(in @utf8InCpp String ifName);
- boolean ipfwdEnabled();
- @utf8InCpp String[] ipfwdGetRequesterList();
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
- void bandwidthSetGlobalAlert(long bytes);
- void bandwidthAddNaughtyApp(int uid);
- void bandwidthRemoveNaughtyApp(int uid);
- void bandwidthAddNiceApp(int uid);
- void bandwidthRemoveNiceApp(int uid);
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
- void tetherStop();
- boolean tetherIsEnabled();
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
- @utf8InCpp String[] tetherInterfaceList();
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
- @utf8InCpp String[] tetherDnsList();
- void networkAddRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkRemoveRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkAddLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- void networkRemoveLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- int networkGetDefault();
- void networkSetDefault(int netId);
- void networkClearDefault();
- void networkSetPermissionForNetwork(int netId, int permission);
- void networkSetPermissionForUser(int permission, in int[] uids);
- void networkClearPermissionForUser(in int[] uids);
- void trafficSetNetPermForUids(int permission, in int[] uids);
- void networkSetProtectAllow(int uid);
- void networkSetProtectDeny(int uid);
- boolean networkCanProtect(int uid);
- void firewallSetFirewallType(int firewalltype);
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
- void firewallEnableChildChain(int childChain, boolean enable);
- @utf8InCpp String[] interfaceGetList();
- android.net.InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
- void interfaceSetCfg(in android.net.InterfaceConfigurationParcel cfg);
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
- void interfaceClearAddrs(in @utf8InCpp String ifName);
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
- void registerUnsolicitedEventListener(android.net.INetdUnsolicitedEventListener listener);
- void firewallAddUidInterfaceRules(in @utf8InCpp String ifName, in int[] uids);
- void firewallRemoveUidInterfaceRules(in int[] uids);
- void trafficSwapActiveStatsMap();
- IBinder getOemNetd();
- void tetherStartWithConfiguration(in android.net.TetherConfigParcel config);
- android.net.MarkMaskParcel getFwmarkForNetwork(int netId);
- void networkAddRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkUpdateRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkRemoveRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void tetherOffloadRuleAdd(in android.net.TetherOffloadRuleParcel rule);
- void tetherOffloadRuleRemove(in android.net.TetherOffloadRuleParcel rule);
- android.net.TetherStatsParcel[] tetherOffloadGetStats();
- void tetherOffloadSetInterfaceQuota(int ifIndex, long quotaBytes);
- android.net.TetherStatsParcel tetherOffloadGetAndClearStats(int ifIndex);
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
- const int LOCAL_NET_ID = 99;
- const String NEXTHOP_NONE = "";
- const String NEXTHOP_UNREACHABLE = "unreachable";
- const String NEXTHOP_THROW = "throw";
- const int PERMISSION_NONE = 0;
- const int PERMISSION_NETWORK = 1;
- const int PERMISSION_SYSTEM = 2;
- const int NO_PERMISSIONS = 0;
- const int PERMISSION_INTERNET = 4;
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
- const int PERMISSION_UNINSTALLED = -1;
- const int FIREWALL_WHITELIST = 0;
- const int FIREWALL_BLACKLIST = 1;
- const int FIREWALL_RULE_ALLOW = 1;
- const int FIREWALL_RULE_DENY = 2;
- const int FIREWALL_CHAIN_NONE = 0;
- const int FIREWALL_CHAIN_DOZABLE = 1;
- const int FIREWALL_CHAIN_STANDBY = 2;
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/INetdUnsolicitedEventListener.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 4459363..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,32 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetdUnsolicitedEventListener {
- oneway void onInterfaceClassActivityChanged(boolean isActive, int timerLabel, long timestampNs, int uid);
- oneway void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
- oneway void onInterfaceDnsServerInfo(@utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
- oneway void onInterfaceAddressUpdated(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAddressRemoved(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAdded(@utf8InCpp String ifName);
- oneway void onInterfaceRemoved(@utf8InCpp String ifName);
- oneway void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
- oneway void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
- oneway void onRouteChanged(boolean updated, @utf8InCpp String route, @utf8InCpp String gateway, @utf8InCpp String ifName);
- oneway void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/InterfaceConfigurationParcel.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index 01e0f95..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,26 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- @utf8InCpp String[] flags;
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/MarkMaskParcel.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/MarkMaskParcel.aidl
deleted file mode 100644
index 62be838..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/MarkMaskParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable MarkMaskParcel {
- int mark;
- int mask;
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/RouteInfoParcel.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/RouteInfoParcel.aidl
deleted file mode 100644
index 5e0ee62..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/RouteInfoParcel.aidl
+++ /dev/null
@@ -1,24 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable RouteInfoParcel {
- @utf8InCpp String destination;
- @utf8InCpp String ifName;
- @utf8InCpp String nextHop;
- int mtu;
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/TetherConfigParcel.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/TetherConfigParcel.aidl
deleted file mode 100644
index b136454..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/TetherConfigParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherConfigParcel {
- boolean usingLegacyDnsProxy;
- @utf8InCpp String[] dhcpRanges;
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/TetherOffloadRuleParcel.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/TetherOffloadRuleParcel.aidl
deleted file mode 100644
index c9d8458..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/TetherOffloadRuleParcel.aidl
+++ /dev/null
@@ -1,28 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherOffloadRuleParcel {
- int inputInterfaceIndex;
- int outputInterfaceIndex;
- byte[] destination;
- int prefixLength;
- byte[] srcL2Address;
- byte[] dstL2Address;
- int pmtu = 1500;
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/TetherStatsParcel.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index 0b0960e..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,27 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherStatsParcel {
- @utf8InCpp String iface;
- long rxBytes;
- long rxPackets;
- long txBytes;
- long txPackets;
- int ifIndex = 0;
-}
diff --git a/server/aidl_api/netd_aidl_interface/4/android/net/UidRangeParcel.aidl b/server/aidl_api/netd_aidl_interface/4/android/net/UidRangeParcel.aidl
deleted file mode 100644
index 84ff457..0000000
--- a/server/aidl_api/netd_aidl_interface/4/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/.hash b/server/aidl_api/netd_aidl_interface/5/.hash
deleted file mode 100644
index a6ced45..0000000
--- a/server/aidl_api/netd_aidl_interface/5/.hash
+++ /dev/null
@@ -1 +0,0 @@
-d97c56dd789cee9eeb5cdcec43a99df0a01873a5
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/INetd.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/INetd.aidl
deleted file mode 100644
index b30748a..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/INetd.aidl
+++ /dev/null
@@ -1,167 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetd {
- boolean isAlive();
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName, boolean isAllowlist, in int[] uids);
- boolean bandwidthEnableDataSaver(boolean enable);
- void networkCreatePhysical(int netId, int permission);
- void networkCreateVpn(int netId, boolean secure);
- void networkDestroy(int netId);
- void networkAddInterface(int netId, in @utf8InCpp String iface);
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
- void networkAddUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRemoveUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRejectNonSecureVpn(boolean add, in android.net.UidRangeParcel[] uidRanges);
- void socketDestroy(in android.net.UidRangeParcel[] uidRanges, in int[] exemptUids);
- boolean tetherApplyDnsInterfaces();
- android.net.TetherStatsParcel[] tetherGetStats();
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value);
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
- int ipSecAllocateSpi(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecAddSecurityAssociation(int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort, int interfaceId);
- void ipSecDeleteSecurityAssociation(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecApplyTransportModeTransform(in ParcelFileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecRemoveTransportModeTransform(in ParcelFileDescriptor socket);
- void ipSecAddSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecUpdateSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecDeleteSecurityPolicy(int transformId, int selAddrFamily, int direction, int markValue, int markMask, int interfaceId);
- void ipSecAddTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecUpdateTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
- void idletimerAddInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void idletimerRemoveInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void strictUidCleartextPenalty(int uid, int policyPenalty);
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
- void clatdStop(in @utf8InCpp String ifName);
- boolean ipfwdEnabled();
- @utf8InCpp String[] ipfwdGetRequesterList();
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
- void bandwidthSetGlobalAlert(long bytes);
- void bandwidthAddNaughtyApp(int uid);
- void bandwidthRemoveNaughtyApp(int uid);
- void bandwidthAddNiceApp(int uid);
- void bandwidthRemoveNiceApp(int uid);
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
- void tetherStop();
- boolean tetherIsEnabled();
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
- @utf8InCpp String[] tetherInterfaceList();
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
- @utf8InCpp String[] tetherDnsList();
- void networkAddRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkRemoveRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkAddLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- void networkRemoveLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- int networkGetDefault();
- void networkSetDefault(int netId);
- void networkClearDefault();
- void networkSetPermissionForNetwork(int netId, int permission);
- void networkSetPermissionForUser(int permission, in int[] uids);
- void networkClearPermissionForUser(in int[] uids);
- void trafficSetNetPermForUids(int permission, in int[] uids);
- void networkSetProtectAllow(int uid);
- void networkSetProtectDeny(int uid);
- boolean networkCanProtect(int uid);
- void firewallSetFirewallType(int firewalltype);
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
- void firewallEnableChildChain(int childChain, boolean enable);
- @utf8InCpp String[] interfaceGetList();
- android.net.InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
- void interfaceSetCfg(in android.net.InterfaceConfigurationParcel cfg);
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
- void interfaceClearAddrs(in @utf8InCpp String ifName);
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
- void registerUnsolicitedEventListener(android.net.INetdUnsolicitedEventListener listener);
- void firewallAddUidInterfaceRules(in @utf8InCpp String ifName, in int[] uids);
- void firewallRemoveUidInterfaceRules(in int[] uids);
- void trafficSwapActiveStatsMap();
- IBinder getOemNetd();
- void tetherStartWithConfiguration(in android.net.TetherConfigParcel config);
- android.net.MarkMaskParcel getFwmarkForNetwork(int netId);
- void networkAddRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkUpdateRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkRemoveRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void tetherOffloadRuleAdd(in android.net.TetherOffloadRuleParcel rule);
- void tetherOffloadRuleRemove(in android.net.TetherOffloadRuleParcel rule);
- android.net.TetherStatsParcel[] tetherOffloadGetStats();
- void tetherOffloadSetInterfaceQuota(int ifIndex, long quotaBytes);
- android.net.TetherStatsParcel tetherOffloadGetAndClearStats(int ifIndex);
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
- const int LOCAL_NET_ID = 99;
- const String NEXTHOP_NONE = "";
- const String NEXTHOP_UNREACHABLE = "unreachable";
- const String NEXTHOP_THROW = "throw";
- const int PERMISSION_NONE = 0;
- const int PERMISSION_NETWORK = 1;
- const int PERMISSION_SYSTEM = 2;
- const int NO_PERMISSIONS = 0;
- const int PERMISSION_INTERNET = 4;
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
- const int PERMISSION_UNINSTALLED = -1;
- const @JavaPassthrough(annotation="@Deprecated") int FIREWALL_WHITELIST = 0;
- const int FIREWALL_ALLOWLIST = 0;
- const @JavaPassthrough(annotation="@Deprecated") int FIREWALL_BLACKLIST = 1;
- const int FIREWALL_DENYLIST = 1;
- const int FIREWALL_RULE_ALLOW = 1;
- const int FIREWALL_RULE_DENY = 2;
- const int FIREWALL_CHAIN_NONE = 0;
- const int FIREWALL_CHAIN_DOZABLE = 1;
- const int FIREWALL_CHAIN_STANDBY = 2;
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- const int FIREWALL_CHAIN_RESTRICTED = 4;
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/INetdUnsolicitedEventListener.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 4459363..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,32 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetdUnsolicitedEventListener {
- oneway void onInterfaceClassActivityChanged(boolean isActive, int timerLabel, long timestampNs, int uid);
- oneway void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
- oneway void onInterfaceDnsServerInfo(@utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
- oneway void onInterfaceAddressUpdated(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAddressRemoved(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAdded(@utf8InCpp String ifName);
- oneway void onInterfaceRemoved(@utf8InCpp String ifName);
- oneway void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
- oneway void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
- oneway void onRouteChanged(boolean updated, @utf8InCpp String route, @utf8InCpp String gateway, @utf8InCpp String ifName);
- oneway void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/InterfaceConfigurationParcel.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index 01e0f95..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,26 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- @utf8InCpp String[] flags;
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/MarkMaskParcel.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/MarkMaskParcel.aidl
deleted file mode 100644
index 62be838..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/MarkMaskParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable MarkMaskParcel {
- int mark;
- int mask;
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/RouteInfoParcel.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/RouteInfoParcel.aidl
deleted file mode 100644
index 5e0ee62..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/RouteInfoParcel.aidl
+++ /dev/null
@@ -1,24 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable RouteInfoParcel {
- @utf8InCpp String destination;
- @utf8InCpp String ifName;
- @utf8InCpp String nextHop;
- int mtu;
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/TetherConfigParcel.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/TetherConfigParcel.aidl
deleted file mode 100644
index b136454..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/TetherConfigParcel.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherConfigParcel {
- boolean usingLegacyDnsProxy;
- @utf8InCpp String[] dhcpRanges;
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/TetherOffloadRuleParcel.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/TetherOffloadRuleParcel.aidl
deleted file mode 100644
index c9d8458..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/TetherOffloadRuleParcel.aidl
+++ /dev/null
@@ -1,28 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherOffloadRuleParcel {
- int inputInterfaceIndex;
- int outputInterfaceIndex;
- byte[] destination;
- int prefixLength;
- byte[] srcL2Address;
- byte[] dstL2Address;
- int pmtu = 1500;
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/TetherStatsParcel.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index 0b0960e..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,27 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherStatsParcel {
- @utf8InCpp String iface;
- long rxBytes;
- long rxPackets;
- long txBytes;
- long txPackets;
- int ifIndex = 0;
-}
diff --git a/server/aidl_api/netd_aidl_interface/5/android/net/UidRangeParcel.aidl b/server/aidl_api/netd_aidl_interface/5/android/net/UidRangeParcel.aidl
deleted file mode 100644
index debc6be..0000000
--- a/server/aidl_api/netd_aidl_interface/5/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,24 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-@JavaDerive(equals=true, toString=true) @JavaOnlyImmutable
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/.hash b/server/aidl_api/netd_aidl_interface/6/.hash
deleted file mode 100644
index f5acf5d..0000000
--- a/server/aidl_api/netd_aidl_interface/6/.hash
+++ /dev/null
@@ -1 +0,0 @@
-b08451d9673b09cba84f1fd8740e1fdac64ff7be
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/INetd.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/INetd.aidl
deleted file mode 100644
index a7952f2..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/INetd.aidl
+++ /dev/null
@@ -1,198 +0,0 @@
-/**
- * Copyright (c) 2016, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetd {
- boolean isAlive();
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName, boolean isAllowlist, in int[] uids);
- boolean bandwidthEnableDataSaver(boolean enable);
- /**
- * @deprecated use networkCreate() instead.
- */
- void networkCreatePhysical(int netId, int permission);
- /**
- * @deprecated use networkCreate() instead.
- */
- void networkCreateVpn(int netId, boolean secure);
- void networkDestroy(int netId);
- void networkAddInterface(int netId, in @utf8InCpp String iface);
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
- void networkAddUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRemoveUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRejectNonSecureVpn(boolean add, in android.net.UidRangeParcel[] uidRanges);
- void socketDestroy(in android.net.UidRangeParcel[] uidRanges, in int[] exemptUids);
- boolean tetherApplyDnsInterfaces();
- android.net.TetherStatsParcel[] tetherGetStats();
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value);
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
- int ipSecAllocateSpi(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecAddSecurityAssociation(int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort, int interfaceId);
- void ipSecDeleteSecurityAssociation(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecApplyTransportModeTransform(in ParcelFileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecRemoveTransportModeTransform(in ParcelFileDescriptor socket);
- void ipSecAddSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecUpdateSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecDeleteSecurityPolicy(int transformId, int selAddrFamily, int direction, int markValue, int markMask, int interfaceId);
- void ipSecAddTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecUpdateTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
- void idletimerAddInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void idletimerRemoveInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void strictUidCleartextPenalty(int uid, int policyPenalty);
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
- void clatdStop(in @utf8InCpp String ifName);
- boolean ipfwdEnabled();
- @utf8InCpp String[] ipfwdGetRequesterList();
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
- void bandwidthSetGlobalAlert(long bytes);
- void bandwidthAddNaughtyApp(int uid);
- void bandwidthRemoveNaughtyApp(int uid);
- void bandwidthAddNiceApp(int uid);
- void bandwidthRemoveNiceApp(int uid);
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
- void tetherStop();
- boolean tetherIsEnabled();
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
- @utf8InCpp String[] tetherInterfaceList();
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
- @utf8InCpp String[] tetherDnsList();
- void networkAddRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkRemoveRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkAddLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- void networkRemoveLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- int networkGetDefault();
- void networkSetDefault(int netId);
- void networkClearDefault();
- void networkSetPermissionForNetwork(int netId, int permission);
- void networkSetPermissionForUser(int permission, in int[] uids);
- void networkClearPermissionForUser(in int[] uids);
- void trafficSetNetPermForUids(int permission, in int[] uids);
- void networkSetProtectAllow(int uid);
- void networkSetProtectDeny(int uid);
- boolean networkCanProtect(int uid);
- void firewallSetFirewallType(int firewalltype);
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
- void firewallEnableChildChain(int childChain, boolean enable);
- @utf8InCpp String[] interfaceGetList();
- android.net.InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
- void interfaceSetCfg(in android.net.InterfaceConfigurationParcel cfg);
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
- void interfaceClearAddrs(in @utf8InCpp String ifName);
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
- void registerUnsolicitedEventListener(android.net.INetdUnsolicitedEventListener listener);
- void firewallAddUidInterfaceRules(in @utf8InCpp String ifName, in int[] uids);
- void firewallRemoveUidInterfaceRules(in int[] uids);
- void trafficSwapActiveStatsMap();
- IBinder getOemNetd();
- void tetherStartWithConfiguration(in android.net.TetherConfigParcel config);
- android.net.MarkMaskParcel getFwmarkForNetwork(int netId);
- void networkAddRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkUpdateRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkRemoveRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void tetherOffloadRuleAdd(in android.net.TetherOffloadRuleParcel rule);
- void tetherOffloadRuleRemove(in android.net.TetherOffloadRuleParcel rule);
- android.net.TetherStatsParcel[] tetherOffloadGetStats();
- void tetherOffloadSetInterfaceQuota(int ifIndex, long quotaBytes);
- android.net.TetherStatsParcel tetherOffloadGetAndClearStats(int ifIndex);
- void networkCreate(in android.net.NativeNetworkConfig config);
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
- const int LOCAL_NET_ID = 99;
- const int DUMMY_NET_ID = 51;
- const int UNREACHABLE_NET_ID = 52;
- const String NEXTHOP_NONE = "";
- const String NEXTHOP_UNREACHABLE = "unreachable";
- const String NEXTHOP_THROW = "throw";
- const int PERMISSION_NONE = 0;
- const int PERMISSION_NETWORK = 1;
- const int PERMISSION_SYSTEM = 2;
- const int NO_PERMISSIONS = 0;
- const int PERMISSION_INTERNET = 4;
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
- const int PERMISSION_UNINSTALLED = -1;
- /**
- * @deprecated use FIREWALL_ALLOWLIST.
- */
- const int FIREWALL_WHITELIST = 0;
- const int FIREWALL_ALLOWLIST = 0;
- /**
- * @deprecated use FIREWALL_DENYLIST.
- */
- const int FIREWALL_BLACKLIST = 1;
- const int FIREWALL_DENYLIST = 1;
- const int FIREWALL_RULE_ALLOW = 1;
- const int FIREWALL_RULE_DENY = 2;
- const int FIREWALL_CHAIN_NONE = 0;
- const int FIREWALL_CHAIN_DOZABLE = 1;
- const int FIREWALL_CHAIN_STANDBY = 2;
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- const int FIREWALL_CHAIN_RESTRICTED = 4;
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/INetdUnsolicitedEventListener.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 31775df..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Copyright (c) 2018, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetdUnsolicitedEventListener {
- oneway void onInterfaceClassActivityChanged(boolean isActive, int timerLabel, long timestampNs, int uid);
- oneway void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
- oneway void onInterfaceDnsServerInfo(@utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
- oneway void onInterfaceAddressUpdated(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAddressRemoved(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAdded(@utf8InCpp String ifName);
- oneway void onInterfaceRemoved(@utf8InCpp String ifName);
- oneway void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
- oneway void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
- oneway void onRouteChanged(boolean updated, @utf8InCpp String route, @utf8InCpp String gateway, @utf8InCpp String ifName);
- oneway void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/InterfaceConfigurationParcel.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index 1869d8d..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- @utf8InCpp String[] flags;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/MarkMaskParcel.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/MarkMaskParcel.aidl
deleted file mode 100644
index 8ea20d1..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/MarkMaskParcel.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable MarkMaskParcel {
- int mark;
- int mask;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/NativeNetworkConfig.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/NativeNetworkConfig.aidl
deleted file mode 100644
index 76562b2..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/NativeNetworkConfig.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-@JavaDerive(equals=true, toString=true) @JavaOnlyImmutable
-parcelable NativeNetworkConfig {
- int netId;
- android.net.NativeNetworkType networkType = android.net.NativeNetworkType.PHYSICAL;
- int permission;
- boolean secure;
- android.net.NativeVpnType vpnType = android.net.NativeVpnType.PLATFORM;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/NativeNetworkType.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/NativeNetworkType.aidl
deleted file mode 100644
index 06c8979..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/NativeNetworkType.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-@Backing(type="int")
-enum NativeNetworkType {
- PHYSICAL = 0,
- VIRTUAL = 1,
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/NativeVpnType.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/NativeVpnType.aidl
deleted file mode 100644
index 8a8be83..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/NativeVpnType.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-@Backing(type="int")
-enum NativeVpnType {
- SERVICE = 1,
- PLATFORM = 2,
- LEGACY = 3,
- OEM = 4,
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/RouteInfoParcel.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/RouteInfoParcel.aidl
deleted file mode 100644
index 5ef95e6..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/RouteInfoParcel.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Copyright (c) 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable RouteInfoParcel {
- @utf8InCpp String destination;
- @utf8InCpp String ifName;
- @utf8InCpp String nextHop;
- int mtu;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/TetherConfigParcel.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/TetherConfigParcel.aidl
deleted file mode 100644
index 7b39c22..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/TetherConfigParcel.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherConfigParcel {
- boolean usingLegacyDnsProxy;
- @utf8InCpp String[] dhcpRanges;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/TetherOffloadRuleParcel.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/TetherOffloadRuleParcel.aidl
deleted file mode 100644
index 983e986..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/TetherOffloadRuleParcel.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherOffloadRuleParcel {
- int inputInterfaceIndex;
- int outputInterfaceIndex;
- byte[] destination;
- int prefixLength;
- byte[] srcL2Address;
- byte[] dstL2Address;
- int pmtu = 1500;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/TetherStatsParcel.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index 5f1b722..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherStatsParcel {
- @utf8InCpp String iface;
- long rxBytes;
- long rxPackets;
- long txBytes;
- long txPackets;
- int ifIndex = 0;
-}
diff --git a/server/aidl_api/netd_aidl_interface/6/android/net/UidRangeParcel.aidl b/server/aidl_api/netd_aidl_interface/6/android/net/UidRangeParcel.aidl
deleted file mode 100644
index 72e987a..0000000
--- a/server/aidl_api/netd_aidl_interface/6/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-@JavaDerive(equals=true, toString=true) @JavaOnlyImmutable
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/INetd.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/INetd.aidl
deleted file mode 100644
index a7952f2..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/INetd.aidl
+++ /dev/null
@@ -1,198 +0,0 @@
-/**
- * Copyright (c) 2016, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetd {
- boolean isAlive();
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName, boolean isAllowlist, in int[] uids);
- boolean bandwidthEnableDataSaver(boolean enable);
- /**
- * @deprecated use networkCreate() instead.
- */
- void networkCreatePhysical(int netId, int permission);
- /**
- * @deprecated use networkCreate() instead.
- */
- void networkCreateVpn(int netId, boolean secure);
- void networkDestroy(int netId);
- void networkAddInterface(int netId, in @utf8InCpp String iface);
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
- void networkAddUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRemoveUidRanges(int netId, in android.net.UidRangeParcel[] uidRanges);
- void networkRejectNonSecureVpn(boolean add, in android.net.UidRangeParcel[] uidRanges);
- void socketDestroy(in android.net.UidRangeParcel[] uidRanges, in int[] exemptUids);
- boolean tetherApplyDnsInterfaces();
- android.net.TetherStatsParcel[] tetherGetStats();
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength);
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value);
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
- int ipSecAllocateSpi(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecAddSecurityAssociation(int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort, int interfaceId);
- void ipSecDeleteSecurityAssociation(int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecApplyTransportModeTransform(in ParcelFileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi);
- void ipSecRemoveTransportModeTransform(in ParcelFileDescriptor socket);
- void ipSecAddSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecUpdateSecurityPolicy(int transformId, int selAddrFamily, int direction, in @utf8InCpp String tmplSrcAddress, in @utf8InCpp String tmplDstAddress, int spi, int markValue, int markMask, int interfaceId);
- void ipSecDeleteSecurityPolicy(int transformId, int selAddrFamily, int direction, int markValue, int markMask, int interfaceId);
- void ipSecAddTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecUpdateTunnelInterface(in @utf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey, int interfaceId);
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
- void idletimerAddInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void idletimerRemoveInterface(in @utf8InCpp String ifName, int timeout, in @utf8InCpp String classLabel);
- void strictUidCleartextPenalty(int uid, int policyPenalty);
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
- void clatdStop(in @utf8InCpp String ifName);
- boolean ipfwdEnabled();
- @utf8InCpp String[] ipfwdGetRequesterList();
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
- void bandwidthSetGlobalAlert(long bytes);
- void bandwidthAddNaughtyApp(int uid);
- void bandwidthRemoveNaughtyApp(int uid);
- void bandwidthAddNiceApp(int uid);
- void bandwidthRemoveNiceApp(int uid);
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
- void tetherStop();
- boolean tetherIsEnabled();
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
- @utf8InCpp String[] tetherInterfaceList();
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
- @utf8InCpp String[] tetherDnsList();
- void networkAddRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkRemoveRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop);
- void networkAddLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- void networkRemoveLegacyRoute(int netId, in @utf8InCpp String ifName, in @utf8InCpp String destination, in @utf8InCpp String nextHop, int uid);
- int networkGetDefault();
- void networkSetDefault(int netId);
- void networkClearDefault();
- void networkSetPermissionForNetwork(int netId, int permission);
- void networkSetPermissionForUser(int permission, in int[] uids);
- void networkClearPermissionForUser(in int[] uids);
- void trafficSetNetPermForUids(int permission, in int[] uids);
- void networkSetProtectAllow(int uid);
- void networkSetProtectDeny(int uid);
- boolean networkCanProtect(int uid);
- void firewallSetFirewallType(int firewalltype);
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
- void firewallEnableChildChain(int childChain, boolean enable);
- @utf8InCpp String[] interfaceGetList();
- android.net.InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
- void interfaceSetCfg(in android.net.InterfaceConfigurationParcel cfg);
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
- void interfaceClearAddrs(in @utf8InCpp String ifName);
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
- void registerUnsolicitedEventListener(android.net.INetdUnsolicitedEventListener listener);
- void firewallAddUidInterfaceRules(in @utf8InCpp String ifName, in int[] uids);
- void firewallRemoveUidInterfaceRules(in int[] uids);
- void trafficSwapActiveStatsMap();
- IBinder getOemNetd();
- void tetherStartWithConfiguration(in android.net.TetherConfigParcel config);
- android.net.MarkMaskParcel getFwmarkForNetwork(int netId);
- void networkAddRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkUpdateRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void networkRemoveRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
- void tetherOffloadRuleAdd(in android.net.TetherOffloadRuleParcel rule);
- void tetherOffloadRuleRemove(in android.net.TetherOffloadRuleParcel rule);
- android.net.TetherStatsParcel[] tetherOffloadGetStats();
- void tetherOffloadSetInterfaceQuota(int ifIndex, long quotaBytes);
- android.net.TetherStatsParcel tetherOffloadGetAndClearStats(int ifIndex);
- void networkCreate(in android.net.NativeNetworkConfig config);
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
- const int LOCAL_NET_ID = 99;
- const int DUMMY_NET_ID = 51;
- const int UNREACHABLE_NET_ID = 52;
- const String NEXTHOP_NONE = "";
- const String NEXTHOP_UNREACHABLE = "unreachable";
- const String NEXTHOP_THROW = "throw";
- const int PERMISSION_NONE = 0;
- const int PERMISSION_NETWORK = 1;
- const int PERMISSION_SYSTEM = 2;
- const int NO_PERMISSIONS = 0;
- const int PERMISSION_INTERNET = 4;
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
- const int PERMISSION_UNINSTALLED = -1;
- /**
- * @deprecated use FIREWALL_ALLOWLIST.
- */
- const int FIREWALL_WHITELIST = 0;
- const int FIREWALL_ALLOWLIST = 0;
- /**
- * @deprecated use FIREWALL_DENYLIST.
- */
- const int FIREWALL_BLACKLIST = 1;
- const int FIREWALL_DENYLIST = 1;
- const int FIREWALL_RULE_ALLOW = 1;
- const int FIREWALL_RULE_DENY = 2;
- const int FIREWALL_CHAIN_NONE = 0;
- const int FIREWALL_CHAIN_DOZABLE = 1;
- const int FIREWALL_CHAIN_STANDBY = 2;
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- const int FIREWALL_CHAIN_RESTRICTED = 4;
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/INetdUnsolicitedEventListener.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 31775df..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Copyright (c) 2018, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-interface INetdUnsolicitedEventListener {
- oneway void onInterfaceClassActivityChanged(boolean isActive, int timerLabel, long timestampNs, int uid);
- oneway void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
- oneway void onInterfaceDnsServerInfo(@utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
- oneway void onInterfaceAddressUpdated(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAddressRemoved(@utf8InCpp String addr, @utf8InCpp String ifName, int flags, int scope);
- oneway void onInterfaceAdded(@utf8InCpp String ifName);
- oneway void onInterfaceRemoved(@utf8InCpp String ifName);
- oneway void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
- oneway void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
- oneway void onRouteChanged(boolean updated, @utf8InCpp String route, @utf8InCpp String gateway, @utf8InCpp String ifName);
- oneway void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/InterfaceConfigurationParcel.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index 1869d8d..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- @utf8InCpp String[] flags;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/MarkMaskParcel.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/MarkMaskParcel.aidl
deleted file mode 100644
index 8ea20d1..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/MarkMaskParcel.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable MarkMaskParcel {
- int mark;
- int mask;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/NativeNetworkConfig.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/NativeNetworkConfig.aidl
deleted file mode 100644
index 76562b2..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/NativeNetworkConfig.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-@JavaDerive(equals=true, toString=true) @JavaOnlyImmutable
-parcelable NativeNetworkConfig {
- int netId;
- android.net.NativeNetworkType networkType = android.net.NativeNetworkType.PHYSICAL;
- int permission;
- boolean secure;
- android.net.NativeVpnType vpnType = android.net.NativeVpnType.PLATFORM;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/NativeNetworkType.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/NativeNetworkType.aidl
deleted file mode 100644
index 06c8979..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/NativeNetworkType.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-@Backing(type="int")
-enum NativeNetworkType {
- PHYSICAL = 0,
- VIRTUAL = 1,
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/NativeVpnType.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/NativeVpnType.aidl
deleted file mode 100644
index 8a8be83..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/NativeVpnType.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-@Backing(type="int")
-enum NativeVpnType {
- SERVICE = 1,
- PLATFORM = 2,
- LEGACY = 3,
- OEM = 4,
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/RouteInfoParcel.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/RouteInfoParcel.aidl
deleted file mode 100644
index 5ef95e6..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/RouteInfoParcel.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Copyright (c) 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-parcelable RouteInfoParcel {
- @utf8InCpp String destination;
- @utf8InCpp String ifName;
- @utf8InCpp String nextHop;
- int mtu;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/TetherConfigParcel.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/TetherConfigParcel.aidl
deleted file mode 100644
index 7b39c22..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/TetherConfigParcel.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherConfigParcel {
- boolean usingLegacyDnsProxy;
- @utf8InCpp String[] dhcpRanges;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/TetherOffloadRuleParcel.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/TetherOffloadRuleParcel.aidl
deleted file mode 100644
index 983e986..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/TetherOffloadRuleParcel.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherOffloadRuleParcel {
- int inputInterfaceIndex;
- int outputInterfaceIndex;
- byte[] destination;
- int prefixLength;
- byte[] srcL2Address;
- byte[] dstL2Address;
- int pmtu = 1500;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/TetherStatsParcel.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index 5f1b722..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-parcelable TetherStatsParcel {
- @utf8InCpp String iface;
- long rxBytes;
- long rxPackets;
- long txBytes;
- long txPackets;
- int ifIndex = 0;
-}
diff --git a/server/aidl_api/netd_aidl_interface/current/android/net/UidRangeParcel.aidl b/server/aidl_api/netd_aidl_interface/current/android/net/UidRangeParcel.aidl
deleted file mode 100644
index 72e987a..0000000
--- a/server/aidl_api/netd_aidl_interface/current/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net;
-/* @hide */
-@JavaDerive(equals=true, toString=true) @JavaOnlyImmutable
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/aidl_api/netd_event_listener_interface/1/.hash b/server/aidl_api/netd_event_listener_interface/1/.hash
deleted file mode 100644
index f39f730..0000000
--- a/server/aidl_api/netd_event_listener_interface/1/.hash
+++ /dev/null
@@ -1 +0,0 @@
-8e27594d285ca7c567d87e8cf74766c27647e02b
diff --git a/server/aidl_api/netd_event_listener_interface/1/android/net/metrics/INetdEventListener.aidl b/server/aidl_api/netd_event_listener_interface/1/android/net/metrics/INetdEventListener.aidl
deleted file mode 100644
index 9898a67..0000000
--- a/server/aidl_api/netd_event_listener_interface/1/android/net/metrics/INetdEventListener.aidl
+++ /dev/null
@@ -1,34 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a frozen snapshot of an AIDL interface (or parcelable). Do not
-// try to edit this file. It looks like you are doing that because you have
-// modified an AIDL interface in a backward-incompatible way, e.g., deleting a
-// function from an interface or a field from a parcelable and it broke the
-// build. That breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net.metrics;
-interface INetdEventListener {
- oneway void onDnsEvent(int netId, int eventType, int returnCode, int latencyMs, @utf8InCpp String hostname, in @utf8InCpp String[] ipAddresses, int ipAddressesCount, int uid);
- oneway void onPrivateDnsValidationEvent(int netId, String ipAddress, String hostname, boolean validated);
- oneway void onConnectEvent(int netId, int error, int latencyMs, String ipAddr, int port, int uid);
- oneway void onWakeupEvent(String prefix, int uid, int ethertype, int ipNextHeader, in byte[] dstHw, String srcIp, String dstIp, int srcPort, int dstPort, long timestampNs);
- oneway void onTcpSocketStatsEvent(in int[] networkIds, in int[] sentPackets, in int[] lostPackets, in int[] rttUs, in int[] sentAckDiffMs);
- oneway void onNat64PrefixEvent(int netId, boolean added, @utf8InCpp String prefixString, int prefixLength);
- const int EVENT_GETADDRINFO = 1;
- const int EVENT_GETHOSTBYNAME = 2;
- const int EVENT_GETHOSTBYADDR = 3;
- const int EVENT_RES_NSEND = 4;
- const int REPORTING_LEVEL_NONE = 0;
- const int REPORTING_LEVEL_METRICS = 1;
- const int REPORTING_LEVEL_FULL = 2;
- const int DNS_REPORTED_IP_ADDRESSES_LIMIT = 10;
-}
diff --git a/server/aidl_api/netd_event_listener_interface/current/android/net/metrics/INetdEventListener.aidl b/server/aidl_api/netd_event_listener_interface/current/android/net/metrics/INetdEventListener.aidl
deleted file mode 100644
index d71c3f2..0000000
--- a/server/aidl_api/netd_event_listener_interface/current/android/net/metrics/INetdEventListener.aidl
+++ /dev/null
@@ -1,35 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.net.metrics;
-/* @hide */
-interface INetdEventListener {
- oneway void onDnsEvent(int netId, int eventType, int returnCode, int latencyMs, @utf8InCpp String hostname, in @utf8InCpp String[] ipAddresses, int ipAddressesCount, int uid);
- oneway void onPrivateDnsValidationEvent(int netId, String ipAddress, String hostname, boolean validated);
- oneway void onConnectEvent(int netId, int error, int latencyMs, String ipAddr, int port, int uid);
- oneway void onWakeupEvent(String prefix, int uid, int ethertype, int ipNextHeader, in byte[] dstHw, String srcIp, String dstIp, int srcPort, int dstPort, long timestampNs);
- oneway void onTcpSocketStatsEvent(in int[] networkIds, in int[] sentPackets, in int[] lostPackets, in int[] rttUs, in int[] sentAckDiffMs);
- oneway void onNat64PrefixEvent(int netId, boolean added, @utf8InCpp String prefixString, int prefixLength);
- const int EVENT_GETADDRINFO = 1;
- const int EVENT_GETHOSTBYNAME = 2;
- const int EVENT_GETHOSTBYADDR = 3;
- const int EVENT_RES_NSEND = 4;
- const int REPORTING_LEVEL_NONE = 0;
- const int REPORTING_LEVEL_METRICS = 1;
- const int REPORTING_LEVEL_FULL = 2;
- const int DNS_REPORTED_IP_ADDRESSES_LIMIT = 10;
-}
diff --git a/server/binder/android/net/INetd.aidl b/server/binder/android/net/INetd.aidl
deleted file mode 100644
index 8a02831..0000000
--- a/server/binder/android/net/INetd.aidl
+++ /dev/null
@@ -1,1352 +0,0 @@
-/**
- * Copyright (c) 2016, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-import android.net.INetdUnsolicitedEventListener;
-import android.net.InterfaceConfigurationParcel;
-import android.net.MarkMaskParcel;
-import android.net.NativeNetworkConfig;
-import android.net.RouteInfoParcel;
-import android.net.TetherConfigParcel;
-import android.net.TetherOffloadRuleParcel;
-import android.net.TetherStatsParcel;
-import android.net.UidRangeParcel;
-
-/** {@hide} */
-interface INetd {
- /**
- * Returns true if the service is responding.
- */
- boolean isAlive();
-
- /**
- * Replaces the contents of the specified UID-based firewall chain.
- *
- * The chain may be an allowlist chain or a denylist chain. A denylist chain contains DROP
- * rules for the specified UIDs and a RETURN rule at the end. An allowlist chain contains RETURN
- * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified
- * UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
- *
- * @param chainName The name of the chain to replace.
- * @param isAllowlist Whether this is an allowlist or denylist chain.
- * @param uids The list of UIDs to allow/deny.
- * @return true if the chain was successfully replaced, false otherwise.
- */
- boolean firewallReplaceUidChain(in @utf8InCpp String chainName,
- boolean isAllowlist,
- in int[] uids);
-
- /**
- * Enables or disables data saver mode on costly network interfaces.
- *
- * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly
- * interfaces. Traffic to/from other apps or on other network interfaces is allowed.
- * - When enabled, only apps that are in the happy box chain and not in the penalty box chain
- * are allowed network connectivity on costly interfaces. All other packets on these
- * interfaces are rejected. The happy box chain always contains all system UIDs; to disallow
- * traffic from system UIDs, place them in the penalty box chain.
- *
- * By default, data saver mode is disabled. This command has no effect but might still return an
- * error) if {@code enable} is the same as the current value.
- *
- * @param enable whether to enable or disable data saver mode.
- * @return true if the if the operation was successful, false otherwise.
- */
- boolean bandwidthEnableDataSaver(boolean enable);
-
- /**
- * Creates a physical network (i.e., one containing physical interfaces.
- * @deprecated use networkCreate() instead.
- *
- * @param netId the networkId to create.
- * @param permission the permission necessary to use the network. Must be one of
- * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkCreatePhysical(int netId, int permission);
-
- /**
- * Creates a VPN network.
- * @deprecated use networkCreate() instead.
- *
- * @param netId the network to create.
- * @param secure whether unprivileged apps are allowed to bypass the VPN.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkCreateVpn(int netId, boolean secure);
-
- /**
- * Destroys a network. Any interfaces added to the network are removed, and the network ceases
- * to be the default network.
- *
- * @param netId the network to destroy.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkDestroy(int netId);
-
- /**
- * Adds an interface to a network. The interface must not be assigned to any network, including
- * the specified network.
- *
- * @param netId the network to add the interface to.
- * @param interface the name of the interface to add.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkAddInterface(int netId, in @utf8InCpp String iface);
-
- /**
- * Adds an interface to a network. The interface must be assigned to the specified network.
- *
- * @param netId the network to remove the interface from.
- * @param interface the name of the interface to remove.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkRemoveInterface(int netId, in @utf8InCpp String iface);
-
- /**
- * Adds the specified UID ranges to the specified network. The network can be physical or
- * virtual. Traffic from the UID ranges will be routed to the network by default.
- *
- * @param netId the network ID of the network to add the ranges to.
- * @param uidRanges a set of non-overlapping ranges of UIDs to add. These exact ranges
- * must not overlap with existing ranges assigned to this network.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkAddUidRanges(int netId, in UidRangeParcel[] uidRanges);
-
- /**
- * Remove the specified UID ranges from the specified network. The network can be physical or
- * virtual. Traffic from the UID ranges will no longer be routed to the network by default.
- *
- * @param netId the network ID of the network to remove the ranges from.
- * @param uidRanges a set of non-overlapping ranges of UIDs to remove. These exact ranges
- * must already be assigned to this network.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkRemoveUidRanges(int netId, in UidRangeParcel[] uidRanges);
-
- /**
- * Adds or removes one rule for each supplied UID range to prohibit all network activity outside
- * of secure VPN.
- *
- * When a UID is covered by one of these rules, traffic sent through any socket that is not
- * protected or explicitly overriden by the system will be rejected. The kernel will respond
- * with an ICMP prohibit message.
- *
- * Initially, there are no such rules. Any rules that are added will only last until the next
- * restart of netd or the device.
- *
- * @param add {@code true} if the specified UID ranges should be denied access to any network
- * which is not secure VPN by adding rules, {@code false} to remove existing rules.
- * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or
- * remove this restriction.
- * <p> Added rules should not overlap with existing rules. Likewise, removed rules should
- * each correspond to an existing rule.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkRejectNonSecureVpn(boolean add, in UidRangeParcel[] uidRanges);
-
- /**
- * Administratively closes sockets belonging to the specified UIDs.
- */
- void socketDestroy(in UidRangeParcel[] uidRanges, in int[] exemptUids);
-
- /**
- * Instruct the tethering DNS server to reevaluated serving interfaces.
- * This is needed to for the DNS server to observe changes in the set
- * of potential listening IP addresses. (Listening on wildcard addresses
- * can turn the device into an open resolver; b/7530468)
- *
- * TODO: Return something richer than just a boolean.
- */
- boolean tetherApplyDnsInterfaces();
-
- /**
- * Return tethering statistics.
- *
- * @return an array of TetherStatsParcel, where each entry contains the upstream interface
- * name and its tethering statistics since netd startup.
- * There will only ever be one entry for a given interface.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- TetherStatsParcel[] tetherGetStats();
-
- /**
- * Add/Remove and IP address from an interface.
- *
- * @param ifName the interface name
- * @param addrString the IP address to add/remove as a string literal
- * @param prefixLength the prefix length associated with this IP address
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
- int prefixLength);
- void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
- int prefixLength);
-
- /**
- * Set and get /proc/sys/net interface configuration parameters.
- *
- * @param ipversion One of IPV4/IPV6 integers, indicating the desired IP version directory.
- * @param which One of CONF/NEIGH integers, indicating the desired parameter category directory.
- * @param ifname The interface name portion of the path; may also be "all" or "default".
- * @param parameter The parameter name portion of the path.
- * @param value The value string to be written into the assembled path.
- *
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
-
- const int IPV4 = 4;
- const int IPV6 = 6;
- const int CONF = 1;
- const int NEIGH = 2;
- @utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname,
- in @utf8InCpp String parameter);
- void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname,
- in @utf8InCpp String parameter, in @utf8InCpp String value);
-
- /**
- * Sets owner of socket ParcelFileDescriptor to the new UID, checking to ensure that the caller's
- * uid is that of the old owner's, and that this is a UDP-encap socket
- *
- * @param ParcelFileDescriptor socket Socket file descriptor
- * @param int newUid UID of the new socket fd owner
- */
- void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
-
- /**
- * Reserve an SPI from the kernel
- *
- * @param transformId a unique identifier for allocated resources
- * @param sourceAddress InetAddress as string for the sending endpoint
- * @param destinationAddress InetAddress as string for the receiving endpoint
- * @param spi a requested 32-bit unique ID or 0 to request random allocation
- * @return the SPI that was allocated or 0 if failed
- */
- int ipSecAllocateSpi(
- int transformId,
- in @utf8InCpp String sourceAddress,
- in @utf8InCpp String destinationAddress,
- int spi);
-
- /**
- * Create an IpSec Security Association describing how ip(v6) traffic will be encrypted
- * or decrypted.
- *
- * @param transformId a unique identifier for allocated resources
- * @param mode either Transport or Tunnel mode
- * @param sourceAddress InetAddress as string for the sending endpoint
- * @param destinationAddress InetAddress as string for the receiving endpoint
- * @param underlyingNetId the netId of the network to which the SA is applied. Only accepted for
- * tunnel mode SAs.
- * @param spi a 32-bit unique ID allocated to the user
- * @param markValue a 32-bit unique ID chosen by the user
- * @param markMask a 32-bit mask chosen by the user
- * @param authAlgo a string identifying the authentication algorithm to be used
- * @param authKey a byte array containing the authentication key
- * @param authTruncBits the truncation length of the MAC produced by the authentication algorithm
- * @param cryptAlgo a string identifying the encryption algorithm to be used
- * @param cryptKey a byte arrray containing the encryption key
- * @param cryptTruncBits unused parameter
- * @param aeadAlgo a string identifying the authenticated encryption algorithm to be used
- * @param aeadKey a byte arrray containing the key to be used in authenticated encryption
- * @param aeadIcvBits the truncation length of the ICV produced by the authentication algorithm
- * (similar to authTruncBits in function)
- * @param encapType encapsulation type used (if any) for the udp encap socket
- * @param encapLocalPort the port number on the host to be used in encap packets
- * @param encapRemotePort the port number of the remote to be used for encap packets
- * @param interfaceId the identifier for the IPsec tunnel interface.
- * Only accepted for tunnel mode SAs.
- */
- void ipSecAddSecurityAssociation(
- int transformId,
- int mode,
- in @utf8InCpp String sourceAddress,
- in @utf8InCpp String destinationAddress,
- int underlyingNetId,
- int spi,
- int markValue,
- int markMask,
- in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits,
- in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits,
- in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits,
- int encapType,
- int encapLocalPort,
- int encapRemotePort,
- int interfaceId);
-
- /**
- * Delete a previously created security association identified by the provided parameters
- *
- * @param transformId a unique identifier for allocated resources
- * @param sourceAddress InetAddress as string for the sending endpoint
- * @param destinationAddress InetAddress as string for the receiving endpoint
- * @param spi a requested 32-bit unique ID allocated to the user
- * @param markValue a 32-bit unique ID chosen by the user
- * @param markMask a 32-bit mask chosen by the user
- * @param interfaceId the identifier for the IPsec tunnel interface.
- */
- void ipSecDeleteSecurityAssociation(
- int transformId,
- in @utf8InCpp String sourceAddress,
- in @utf8InCpp String destinationAddress,
- int spi,
- int markValue,
- int markMask,
- int interfaceId);
-
- /**
- * Apply a previously created SA to a specified socket, starting IPsec on that socket
- *
- * @param socket a user-provided socket that will have IPsec applied
- * @param transformId a unique identifier for allocated resources
- * @param direction DIRECTION_IN or DIRECTION_OUT
- * @param sourceAddress InetAddress as string for the sending endpoint
- * @param destinationAddress InetAddress as string for the receiving endpoint
- * @param spi a 32-bit unique ID allocated to the user (socket owner)
- */
- void ipSecApplyTransportModeTransform(
- in ParcelFileDescriptor socket,
- int transformId,
- int direction,
- in @utf8InCpp String sourceAddress,
- in @utf8InCpp String destinationAddress,
- int spi);
-
- /**
- * Remove an IPsec SA from a given socket. This will allow unencrypted traffic to flow
- * on that socket if a transform had been previously applied.
- *
- * @param socket a user-provided socket from which to remove any IPsec configuration
- */
- void ipSecRemoveTransportModeTransform(
- in ParcelFileDescriptor socket);
-
- /**
- * Adds an IPsec global policy.
- *
- * @param transformId a unique identifier for allocated resources
- * @param selAddrFamily the address family identifier for the selector
- * @param direction DIRECTION_IN or DIRECTION_OUT
- * @param tmplSrcAddress InetAddress as string for the sending endpoint
- * @param tmplDstAddress InetAddress as string for the receiving endpoint
- * @param spi a 32-bit unique ID allocated to the user
- * @param markValue a 32-bit unique ID chosen by the user
- * @param markMask a 32-bit mask chosen by the user
- * @param interfaceId the identifier for the IPsec tunnel interface.
- */
- void ipSecAddSecurityPolicy(
- int transformId,
- int selAddrFamily,
- int direction,
- in @utf8InCpp String tmplSrcAddress,
- in @utf8InCpp String tmplDstAddress,
- int spi,
- int markValue,
- int markMask,
- int interfaceId);
-
- /**
- * Updates an IPsec global policy.
- *
- * @param transformId a unique identifier for allocated resources
- * @param selAddrFamily the address family identifier for the selector
- * @param direction DIRECTION_IN or DIRECTION_OUT
- * @param tmplSrcAddress InetAddress as string for the sending endpoint
- * @param tmplDstAddress InetAddress as string for the receiving endpoint
- * @param spi a 32-bit unique ID allocated to the user
- * @param markValue a 32-bit unique ID chosen by the user
- * @param markMask a 32-bit mask chosen by the user
- * @param interfaceId the identifier for the IPsec tunnel interface.
- */
- void ipSecUpdateSecurityPolicy(
- int transformId,
- int selAddrFamily,
- int direction,
- in @utf8InCpp String tmplSrcAddress,
- in @utf8InCpp String tmplDstAddress,
- int spi,
- int markValue,
- int markMask,
- int interfaceId);
-
- /**
- * Deletes an IPsec global policy.
- *
- * Deletion of global policies does not do any matching based on the templates, thus
- * template source/destination addresses are not needed (as opposed to add/update).
- *
- * @param transformId a unique identifier for allocated resources
- * @param selAddrFamily the address family identifier for the selector
- * @param direction DIRECTION_IN or DIRECTION_OUT
- * @param markValue a 32-bit unique ID chosen by the user
- * @param markMask a 32-bit mask chosen by the user
- * @param interfaceId the identifier for the IPsec tunnel interface.
- */
- void ipSecDeleteSecurityPolicy(
- int transformId,
- int selAddrFamily,
- int direction,
- int markValue,
- int markMask,
- int interfaceId);
-
- // This could not be declared as @uft8InCpp; thus, when used in native code it must be
- // converted from a UTF-16 string to an ASCII string.
- const String IPSEC_INTERFACE_PREFIX = "ipsec";
-
- /**
- * Add a IPsec Tunnel Interface.
- *
- * @param devName a unique identifier that represents the name of the device
- * @param localAddress InetAddress as string for the local endpoint
- * @param remoteAddress InetAddress as string for the remote endpoint
- * @param iKey, to match Policies and SAs for input packets.
- * @param oKey, to match Policies and SAs for output packets.
- * @param interfaceId the identifier for the IPsec tunnel interface.
- */
- void ipSecAddTunnelInterface(
- in @utf8InCpp String deviceName,
- in @utf8InCpp String localAddress,
- in @utf8InCpp String remoteAddress,
- int iKey,
- int oKey,
- int interfaceId);
-
- /**
- * Update a IPsec Tunnel Interface.
- *
- * @param devName a unique identifier that represents the name of the device
- * @param localAddress InetAddress as string for the local endpoint
- * @param remoteAddress InetAddress as string for the remote endpoint
- * @param iKey, to match Policies and SAs for input packets.
- * @param oKey, to match Policies and SAs for output packets.
- * @param interfaceId the identifier for the IPsec tunnel interface.
- */
- void ipSecUpdateTunnelInterface(
- in @utf8InCpp String deviceName,
- in @utf8InCpp String localAddress,
- in @utf8InCpp String remoteAddress,
- int iKey,
- int oKey,
- int interfaceId);
-
- /**
- * Removes a IPsec Tunnel Interface.
- *
- * @param devName a unique identifier that represents the name of the device
- */
- void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
-
- /**
- * Request notification of wakeup packets arriving on an interface. Notifications will be
- * delivered to INetdEventListener.onWakeupEvent().
- *
- * @param ifName the interface
- * @param prefix arbitrary string used to identify wakeup sources in onWakeupEvent
- */
- void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
-
- /**
- * Stop notification of wakeup packets arriving on an interface.
- *
- * @param ifName the interface
- * @param prefix arbitrary string used to identify wakeup sources in onWakeupEvent
- */
- void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
-
- const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
- const int IPV6_ADDR_GEN_MODE_NONE = 1;
- const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
- const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
-
- const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
- /**
- * Set IPv6 address generation mode. IPv6 should be disabled before changing mode.
- *
- * @param mode SLAAC address generation mechanism to use
- */
- void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
-
- /**
- * Add idletimer for specific interface
- *
- * @param ifName Name of target interface
- * @param timeout The time in seconds that will trigger idletimer
- * @param classLabel The unique identifier for this idletimer
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void idletimerAddInterface(
- in @utf8InCpp String ifName,
- int timeout,
- in @utf8InCpp String classLabel);
-
- /**
- * Remove idletimer for specific interface
- *
- * @param ifName Name of target interface
- * @param timeout The time in seconds that will trigger idletimer
- * @param classLabel The unique identifier for this idletimer
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void idletimerRemoveInterface(
- in @utf8InCpp String ifName,
- int timeout,
- in @utf8InCpp String classLabel);
-
- const int PENALTY_POLICY_ACCEPT = 1;
- const int PENALTY_POLICY_LOG = 2;
- const int PENALTY_POLICY_REJECT = 3;
-
- /**
- * Offers to detect sockets sending data not wrapped inside a layer of SSL/TLS encryption.
- *
- * @param uid Uid of the app
- * @param policyPenalty The penalty policy of the app
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void strictUidCleartextPenalty(int uid, int policyPenalty);
-
- /**
- * Start clatd
- *
- * @param ifName interface name to start clatd
- * @param nat64Prefix the NAT64 prefix, e.g., "2001:db8:64::/96".
- * @return a string, the IPv6 address that will be used for 464xlat.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- @utf8InCpp String clatdStart(in @utf8InCpp String ifName, in @utf8InCpp String nat64Prefix);
-
- /**
- * Stop clatd
- *
- * @param ifName interface name to stop clatd
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void clatdStop(in @utf8InCpp String ifName);
-
- /**
- * Get status of IP forwarding
- *
- * @return true if IP forwarding is enabled, false otherwise.
- */
- boolean ipfwdEnabled();
-
- /**
- * Get requester list of IP forwarding
- *
- * @return An array of strings containing requester list of IP forwarding
- */
- @utf8InCpp String[] ipfwdGetRequesterList();
-
- /**
- * Enable IP forwarding for specific requester
- *
- * @param requester requester name to enable IP forwarding. It is a unique name which will be
- * stored in Netd to make sure if any requester needs IP forwarding.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void ipfwdEnableForwarding(in @utf8InCpp String requester);
-
- /**
- * Disable IP forwarding for specific requester
- *
- * @param requester requester name to disable IP forwarding. This name should match the
- * names which are set by ipfwdEnableForwarding.
- * IP forwarding would be disabled if it is the last requester.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void ipfwdDisableForwarding(in @utf8InCpp String requester);
-
- /**
- * Add forwarding ip rule
- *
- * @param fromIface interface name to add forwarding ip rule
- * @param toIface interface name to add forwarding ip rule
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
-
- /**
- * Remove forwarding ip rule
- *
- * @param fromIface interface name to remove forwarding ip rule
- * @param toIface interface name to remove forwarding ip rule
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
-
- /**
- * Set quota for interface
- *
- * @param ifName Name of target interface
- * @param bytes Quota value in bytes
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
-
- /**
- * Remove quota for interface
- *
- * @param ifName Name of target interface
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
-
- /**
- * Set alert for interface
- *
- * @param ifName Name of target interface
- * @param bytes Alert value in bytes
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
-
- /**
- * Remove alert for interface
- *
- * @param ifName Name of target interface
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
-
- /**
- * Set global alert
- *
- * @param bytes Alert value in bytes
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthSetGlobalAlert(long bytes);
-
- /**
- * Add naughty app bandwidth rule for specific app
- *
- * @param uid uid of target app
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthAddNaughtyApp(int uid);
-
- /**
- * Remove naughty app bandwidth rule for specific app
- *
- * @param uid uid of target app
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthRemoveNaughtyApp(int uid);
-
- /**
- * Add nice app bandwidth rule for specific app
- *
- * @param uid uid of target app
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthAddNiceApp(int uid);
-
- /**
- * Remove nice app bandwidth rule for specific app
- *
- * @param uid uid of target app
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void bandwidthRemoveNiceApp(int uid);
-
- /**
- * Start tethering
- *
- * @param dhcpRanges dhcp ranges to set.
- * dhcpRanges might contain many addresss {addr1, addr2, aadr3, addr4...}
- * Netd splits them into ranges: addr1-addr2, addr3-addr4, etc.
- * An odd number of addrs will fail.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherStart(in @utf8InCpp String[] dhcpRanges);
-
- /**
- * Stop tethering
- *
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherStop();
-
- /**
- * Get status of tethering
- *
- * @return true if tethering is enabled, false otherwise.
- */
- boolean tetherIsEnabled();
-
- /**
- * Setup interface for tethering
- *
- * @param ifName interface name to add
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherInterfaceAdd(in @utf8InCpp String ifName);
-
- /**
- * Reset interface for tethering
- *
- * @param ifName interface name to remove
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherInterfaceRemove(in @utf8InCpp String ifName);
-
- /**
- * Get the interface list which is stored in netd
- * The list contains the interfaces managed by tetherInterfaceAdd/tetherInterfaceRemove
- *
- * @return An array of strings containing interface list result
- */
- @utf8InCpp String[] tetherInterfaceList();
-
- /**
- * Set DNS forwarder server
- *
- * @param netId the upstream network to forward DNS queries to
- * @param dnsAddrs DNS server address to set
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
-
- /**
- * Return the DNS list set by tetherDnsSet
- *
- * @return An array of strings containing the list of DNS servers
- */
- @utf8InCpp String[] tetherDnsList();
-
- const int LOCAL_NET_ID = 99;
-
- /**
- * Constant net ID for the "dummy" network.
- *
- * The dummy network is used to blackhole or reject traffic. Any attempt to use it will
- * either drop the packets or fail with ENETUNREACH.
- */
- const int DUMMY_NET_ID = 51;
-
- /**
- * Constant net ID for the "unreachable" network.
- *
- * The unreachable network is used to reject traffic. Any attempt to use it will fail
- * with ENETUNREACH.
- */
- const int UNREACHABLE_NET_ID = 52;
-
- // Route does not specify a next hop
- const String NEXTHOP_NONE = "";
- // Route next hop is unreachable
- const String NEXTHOP_UNREACHABLE = "unreachable";
- // Route next hop is throw
- const String NEXTHOP_THROW = "throw";
-
- /**
- * Add a route for specific network
- *
- * @param netId the network to add the route to
- * @param ifName the name of interface of the route.
- * This interface should be assigned to the netID.
- * @param destination the destination of the route
- * @param nextHop The route's next hop address,
- * or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkAddRoute(
- int netId,
- in @utf8InCpp String ifName,
- in @utf8InCpp String destination,
- in @utf8InCpp String nextHop);
-
- /**
- * Remove a route for specific network
- *
- * @param netId the network to remove the route from
- * @param ifName the name of interface of the route.
- * This interface should be assigned to the netID.
- * @param destination the destination of the route
- * @param nextHop The route's next hop address,
- * or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkRemoveRoute(
- int netId,
- in @utf8InCpp String ifName,
- in @utf8InCpp String destination,
- in @utf8InCpp String nextHop);
-
- /**
- * Add a route to legacy routing table for specific network
- *
- * @param netId the network to add the route to
- * @param ifName the name of interface of the route.
- * This interface should be assigned to the netID.
- * @param destination the destination of the route
- * @param nextHop The route's next hop address,
- * or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
- * @param uid uid of the user
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkAddLegacyRoute(
- int netId,
- in @utf8InCpp String ifName,
- in @utf8InCpp String destination,
- in @utf8InCpp String nextHop,
- int uid);
-
- /**
- * Remove a route from legacy routing table for specific network
- *
- * @param netId the network to remove the route from
- * @param ifName the name of interface of the route.
- * This interface should be assigned to the netID.
- * @param destination the destination of the route
- * @param nextHop The route's next hop address,
- * or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
- * @param uid uid of the user
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkRemoveLegacyRoute(
- int netId,
- in @utf8InCpp String ifName,
- in @utf8InCpp String destination,
- in @utf8InCpp String nextHop,
- int uid);
-
- /**
- * Get default network
- *
- * @return netId of default network
- */
- int networkGetDefault();
-
- /**
- * Set network as default network
- *
- * @param netId the network to set as the default
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkSetDefault(int netId);
-
- /**
- * Clear default network
- *
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkClearDefault();
-
- /**
- * PERMISSION_NONE is used for regular networks and apps. TODO: use PERMISSION_INTERNET
- * for this instead, and use PERMISSION_NONE to indicate no network permissions at all.
- */
- const int PERMISSION_NONE = 0;
-
- /**
- * PERMISSION_NETWORK represents the CHANGE_NETWORK_STATE permission.
- */
- const int PERMISSION_NETWORK = 1;
-
- /**
- * PERMISSION_SYSTEM represents the ability to use restricted networks. This is mostly
- * equivalent to the CONNECTIVITY_USE_RESTRICTED_NETWORKS permission.
- */
- const int PERMISSION_SYSTEM = 2;
-
- /**
- * NO_PERMISSIONS indicates that this app is installed and doesn't have either
- * PERMISSION_INTERNET or PERMISSION_UPDATE_DEVICE_STATS.
- * TODO: use PERMISSION_NONE to represent this case
- */
- const int NO_PERMISSIONS = 0;
-
- /**
- * PERMISSION_INTERNET indicates that the app can create AF_INET and AF_INET6 sockets
- */
- const int PERMISSION_INTERNET = 4;
-
- /**
- * PERMISSION_UPDATE_DEVICE_STATS is used for system UIDs and privileged apps
- * that have the UPDATE_DEVICE_STATS permission
- */
- const int PERMISSION_UPDATE_DEVICE_STATS = 8;
-
- /**
- * PERMISSION_UNINSTALLED is used when an app is uninstalled from the device. All internet
- * related permissions need to be cleaned
- */
- const int PERMISSION_UNINSTALLED = -1;
-
-
- /**
- * Sets the permission required to access a specific network.
- *
- * @param netId the network to set
- * @param permission network permission to use
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkSetPermissionForNetwork(int netId, int permission);
-
- /**
- * Assigns network access permissions to the specified users.
- *
- * @param permission network permission to use
- * @param uids uid of users to set permission
- */
- void networkSetPermissionForUser(int permission, in int[] uids);
-
- /**
- * Clears network access permissions for the specified users.
- *
- * @param uids uid of users to clear permission
- */
- void networkClearPermissionForUser(in int[] uids);
-
- /**
- * Assigns android.permission.INTERNET and/or android.permission.UPDATE_DEVICE_STATS to the uids
- * specified. Or remove all permissions from the uids.
- *
- * @param permission The permission to grant, it could be either PERMISSION_INTERNET and/or
- * PERMISSION_UPDATE_DEVICE_STATS. If the permission is NO_PERMISSIONS, then
- * revoke all permissions for the uids.
- * @param uids uid of users to grant permission
- */
- void trafficSetNetPermForUids(int permission, in int[] uids);
-
- /**
- * Gives the specified user permission to protect sockets from VPNs.
- * Typically used by VPN apps themselves, to ensure that the sockets
- * they use to communicate with the VPN server aren't routed through
- * the VPN network.
- *
- * @param uid uid of user to set
- */
- void networkSetProtectAllow(int uid);
-
- /**
- * Removes the permission to protect sockets from VPN.
- *
- * @param uid uid of user to set
- */
- void networkSetProtectDeny(int uid);
-
- /**
- * Get the status of network protect for user
- *
- * @param uids uid of user
- * @return true if the user can protect sockets from VPN, false otherwise.
- */
- boolean networkCanProtect(int uid);
-
- /** Only allows packets from specific UID/Interface.
- @deprecated use FIREWALL_ALLOWLIST. */
- const int FIREWALL_WHITELIST = 0;
-
- /** Only allows packets from specific UID/Interface. */
- const int FIREWALL_ALLOWLIST = 0;
-
- /** Blocks packets from specific UID/Interface.
- @deprecated use FIREWALL_DENYLIST. */
- const int FIREWALL_BLACKLIST = 1;
-
- /** Blocks packets from specific UID/Interface. */
- const int FIREWALL_DENYLIST = 1;
-
- /**
- * Set type of firewall
- * Type allowlist only allows packets from specific UID/Interface
- * Type denylist blocks packets from specific UID/Interface
- *
- * @param firewalltype type of firewall, either FIREWALL_ALLOWLIST or FIREWALL_DENYLIST
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void firewallSetFirewallType(int firewalltype);
-
- // Specify allow Rule which allows packets
- const int FIREWALL_RULE_ALLOW = 1;
- // Specify deny Rule which drops packets
- const int FIREWALL_RULE_DENY = 2;
-
- // No specific chain is chosen, use general firewall chain(fw_input, fw_output)
- const int FIREWALL_CHAIN_NONE = 0;
- // Specify DOZABLE chain(fw_dozable) which is used in dozable mode
- const int FIREWALL_CHAIN_DOZABLE = 1;
- // Specify STANDBY chain(fw_standby) which is used in standby mode
- const int FIREWALL_CHAIN_STANDBY = 2;
- // Specify POWERSAVE chain(fw_powersave) which is used in power save mode
- const int FIREWALL_CHAIN_POWERSAVE = 3;
- // Specify RESTRICTED chain(fw_restricted) which is used in restricted
- // networking mode
- const int FIREWALL_CHAIN_RESTRICTED = 4;
-
- /**
- * Set firewall rule for interface
- *
- * @param ifName the interface to allow/deny
- * @param firewallRule either FIREWALL_RULE_ALLOW or FIREWALL_RULE_DENY
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
-
- /**
- * Set firewall rule for uid
- *
- * @param childChain target chain
- * @param uid uid to allow/deny
- * @param firewallRule either FIREWALL_RULE_ALLOW or FIREWALL_RULE_DENY
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void firewallSetUidRule(int childChain, int uid, int firewallRule);
-
- /**
- * Enable/Disable target firewall child chain
- *
- * @param childChain target chain to enable
- * @param enable whether to enable or disable child chain.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void firewallEnableChildChain(int childChain, boolean enable);
-
- /**
- * Get interface list
- *
- * @return An array of strings containing all the interfaces on the system.
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- @utf8InCpp String[] interfaceGetList();
-
- // Must be kept in sync with constant in InterfaceConfiguration.java
- const String IF_STATE_UP = "up";
- const String IF_STATE_DOWN = "down";
-
- const String IF_FLAG_BROADCAST = "broadcast";
- const String IF_FLAG_LOOPBACK = "loopback";
- const String IF_FLAG_POINTOPOINT = "point-to-point";
- const String IF_FLAG_RUNNING = "running";
- const String IF_FLAG_MULTICAST = "multicast";
-
- /**
- * Get interface configuration
- *
- * @param ifName interface name
- * @return An InterfaceConfigurationParcel for the specified interface.
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
-
- /**
- * Set interface configuration
- *
- * @param cfg Interface configuration to set
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void interfaceSetCfg(in InterfaceConfigurationParcel cfg);
-
- /**
- * Set interface IPv6 privacy extensions
- *
- * @param ifName interface name
- * @param enable whether to enable or disable this setting.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
-
- /**
- * Clear all IP addresses on the given interface
- *
- * @param ifName interface name
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * POSIX errno.
- */
- void interfaceClearAddrs(in @utf8InCpp String ifName);
-
- /**
- * Enable or disable IPv6 on the given interface
- *
- * @param ifName interface name
- * @param enable whether to enable or disable this setting.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
-
- /**
- * Set interface MTU
- *
- * @param ifName interface name
- * @param mtu MTU value
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
-
- /**
- * Add forwarding rule/stats on given interface.
- *
- * @param intIface downstream interface
- * @param extIface upstream interface
- */
- void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
-
- /**
- * Remove forwarding rule/stats on given interface.
- *
- * @param intIface downstream interface
- * @param extIface upstream interface
- */
- void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
-
- /**
- * Set the values of tcp_{rmem,wmem}.
- *
- * @param rmemValues the target values of tcp_rmem, each value is separated by spaces
- * @param wmemValues the target values of tcp_wmem, each value is separated by spaces
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
-
- /**
- * Register unsolicited event listener
- * Netd supports multiple unsolicited event listeners.
- *
- * @param listener unsolicited event listener to register
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void registerUnsolicitedEventListener(INetdUnsolicitedEventListener listener);
-
- /**
- * Add ingress interface filtering rules to a list of UIDs
- *
- * For a given uid, once a filtering rule is added, the kernel will only allow packets from the
- * allowed interface and loopback to be sent to the list of UIDs.
- *
- * Calling this method on one or more UIDs with an existing filtering rule but a different
- * interface name will result in the filtering rule being updated to allow the new interface
- * instead. Otherwise calling this method will not affect existing rules set on other UIDs.
- *
- * @param ifName the name of the interface on which the filtering rules will allow packets to
- be received.
- * @param uids an array of UIDs which the filtering rules will be set
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void firewallAddUidInterfaceRules(in @utf8InCpp String ifName, in int[] uids);
-
- /**
- * Remove ingress interface filtering rules from a list of UIDs
- *
- * Clear the ingress interface filtering rules from the list of UIDs which were previously set
- * by firewallAddUidInterfaceRules(). Ignore any uid which does not have filtering rule.
- *
- * @param uids an array of UIDs from which the filtering rules will be removed
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void firewallRemoveUidInterfaceRules(in int[] uids);
-
- /**
- * Request netd to change the current active network stats map.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void trafficSwapActiveStatsMap();
-
- /**
- * Retrieves OEM netd listener interface
- *
- * @return a IBinder object, it could be casted to oem specific interface.
- */
- IBinder getOemNetd();
-
- /**
- * Start tethering with given configuration
- *
- * @param config config to start tethering.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherStartWithConfiguration(in TetherConfigParcel config);
-
-
- /**
- * Get the fwmark and its net id mask for the given network id.
- *
- * @param netId the network to get the fwmark and mask for.
- * @return A MarkMaskParcel of the given network id.
- */
- MarkMaskParcel getFwmarkForNetwork(int netId);
-
- /**
- * Add a route for specific network
- *
- * @param netId the network to add the route to
- * @param routeInfo parcelable with route information
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkAddRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
-
- /**
- * Update a route for specific network
- *
- * @param routeInfo parcelable with route information
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkUpdateRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
-
- /**
- * Remove a route for specific network
- *
- * @param routeInfo parcelable with route information
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void networkRemoveRouteParcel(int netId, in android.net.RouteInfoParcel routeInfo);
-
- /**
- * Adds a tethering offload rule, or updates it if it already exists.
- *
- * Currently, only downstream /128 IPv6 entries are supported. An existing rule will be updated
- * if the input interface and destination prefix match. Otherwise, a new rule will be created.
- *
- * @param rule The rule to add or update.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherOffloadRuleAdd(in TetherOffloadRuleParcel rule);
-
- /**
- * Deletes a tethering offload rule.
- *
- * Currently, only downstream /128 IPv6 entries are supported. An existing rule will be deleted
- * if the destination IP address and the source interface match. It is not an error if there is
- * no matching rule to delete.
- *
- * @param rule The rule to delete.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherOffloadRuleRemove(in TetherOffloadRuleParcel rule);
-
- /**
- * Return BPF tethering offload statistics.
- *
- * @return an array of TetherStatsParcel's, where each entry contains the upstream interface
- * index and its tethering statistics since tethering was first started.
- * There will only ever be one entry for a given interface index.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- TetherStatsParcel[] tetherOffloadGetStats();
-
- /**
- * Set a per-interface quota for tethering offload.
- *
- * @param ifIndex Index of upstream interface
- * @param quotaBytes The quota defined as the number of bytes, starting from zero and counting
- * from *now*. A value of QUOTA_UNLIMITED (-1) indicates there is no limit.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- void tetherOffloadSetInterfaceQuota(int ifIndex, long quotaBytes);
-
- /**
- * Return BPF tethering offload statistics and clear the stats for a given upstream.
- *
- * Must only be called once all offload rules have already been deleted for the given upstream
- * interface. The existing stats will be fetched and returned. The stats and the limit for the
- * given upstream interface will be deleted as well.
- *
- * The stats and limit for a given upstream interface must be initialized (using
- * tetherOffloadSetInterfaceQuota) before any offload will occur on that interface.
- *
- * @param ifIndex Index of upstream interface.
- * @return TetherStatsParcel, which contains the given upstream interface index and its
- * tethering statistics since tethering was first started on that upstream interface.
- * @throws ServiceSpecificException in case of failure, with an error code indicating the
- * cause of the failure.
- */
- TetherStatsParcel tetherOffloadGetAndClearStats(int ifIndex);
-
- /**
- * Creates a network.
- *
- * @param config the configuration of network.
- * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
- * unix errno.
- */
- void networkCreate(in NativeNetworkConfig config);
-}
diff --git a/server/binder/android/net/INetdUnsolicitedEventListener.aidl b/server/binder/android/net/INetdUnsolicitedEventListener.aidl
deleted file mode 100644
index 652a79c..0000000
--- a/server/binder/android/net/INetdUnsolicitedEventListener.aidl
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * Copyright (c) 2018, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-/**
- * Unsolicited netd events which are reported by the kernel via netlink.
- * This one-way interface groups asynchronous notifications sent
- * by netd to any process that registered itself via INetd.registerUnsolEventListener.
- *
- * {@hide}
- */
-oneway interface INetdUnsolicitedEventListener {
-
- /**
- * Notifies that an interface has been idle/active for a certain period of time.
- * It is the event for idletimer.
- *
- * @param isActive true for active status, false for idle
- * @param timerLabel unique identifier of the idletimer.
- * Since NMS only set the identifier as int, only report event with int label.
- * @param timestampNs kernel timestamp of this event, 0 for no timestamp
- * @param uid uid of this event, -1 for no uid.
- * It represents the uid that was responsible for waking the radio.
- */
- void onInterfaceClassActivityChanged(
- boolean isActive,
- int timerLabel,
- long timestampNs,
- int uid);
-
- /**
- * Notifies that a specific interface reached its quota limit.
- *
- * @param alertName alert name of the quota limit
- * @param ifName interface which reached the limit
- */
- void onQuotaLimitReached(@utf8InCpp String alertName, @utf8InCpp String ifName);
-
- /**
- * Provides information on IPv6 DNS servers on a specific interface.
- *
- * @param ifName interface name
- * @param lifetimeS lifetime for the DNS servers in seconds
- * @param servers the address of servers.
- * e.g. IpV6: "2001:4860:4860::6464"
- *
- */
- void onInterfaceDnsServerInfo(
- @utf8InCpp String ifName, long lifetimeS, in @utf8InCpp String[] servers);
-
- /**
- * Notifies that an address has updated on a specific interface.
- *
- * @param addr address that is being updated
- * @param ifName the name of the interface on which the address is configured
- * @param flags address flags, see ifa_flags in if_addr.h
- * @param scope current scope of the address
- */
- void onInterfaceAddressUpdated(
- @utf8InCpp String addr,
- @utf8InCpp String ifName,
- int flags,
- int scope);
-
- /**
- * Notifies that an address has been removed on a specific interface.
- *
- * @param addr address of this change
- * @param ifName the name of the interface that changed addresses
- * @param flags address flags, see ifa_flags in if_addr.h
- * @param scope address address scope
- */
- void onInterfaceAddressRemoved(
- @utf8InCpp String addr,
- @utf8InCpp String ifName,
- int flags,
- int scope);
-
- /**
- * Notifies that an interface has been added.
- *
- * @param ifName the name of the added interface
- */
- void onInterfaceAdded(@utf8InCpp String ifName);
-
- /**
- * Notifies that an interface has been removed.
- *
- * @param ifName the name of the removed interface
- */
- void onInterfaceRemoved(@utf8InCpp String ifName);
-
- /**
- * Notifies that the status of the specific interface has changed.
- *
- * @param ifName the name of the interface that changed status
- * @param up true for interface up, false for down
- */
- void onInterfaceChanged(@utf8InCpp String ifName, boolean up);
-
- /**
- * Notifies that the link state of the specific interface has changed.
- *
- * @param ifName the name of the interface whose link state has changed
- * @param up true for interface link state up, false for link state down
- */
- void onInterfaceLinkStateChanged(@utf8InCpp String ifName, boolean up);
-
- /**
- * Notifies that an IP route has changed.
- *
- * @param updated true for update, false for remove
- * @param route destination prefix of this route, e.g., "2001:db8::/64"
- * @param gateway address of gateway, empty string for no gateway
- * @param ifName interface name of this route, empty string for no interface
- */
- void onRouteChanged(
- boolean updated,
- @utf8InCpp String route,
- @utf8InCpp String gateway,
- @utf8InCpp String ifName);
-
- /**
- * Notifies that kernel has detected a socket sending data not wrapped
- * inside a layer of SSL/TLS encryption.
- *
- * @param uid uid of this event
- * @param hex packet content in hex format
- */
- void onStrictCleartextDetected(int uid, @utf8InCpp String hex);
-}
diff --git a/server/binder/android/net/InterfaceConfigurationParcel.aidl b/server/binder/android/net/InterfaceConfigurationParcel.aidl
deleted file mode 100644
index c20792c..0000000
--- a/server/binder/android/net/InterfaceConfigurationParcel.aidl
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-/**
- * Configuration details for a network interface.
- *
- * {@hide}
- */
-parcelable InterfaceConfigurationParcel {
- @utf8InCpp String ifName;
- @utf8InCpp String hwAddr;
- @utf8InCpp String ipv4Addr;
- int prefixLength;
- /**
- * Interface flags, String versions of IFF_* defined in netd/if.h
- */
- @utf8InCpp String[] flags;
-}
diff --git a/server/binder/android/net/MarkMaskParcel.aidl b/server/binder/android/net/MarkMaskParcel.aidl
deleted file mode 100644
index 932b7bf..0000000
--- a/server/binder/android/net/MarkMaskParcel.aidl
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-/**
- * Structure that stores a firewall mark and its mask.
- *
- * {@hide}
- */
-parcelable MarkMaskParcel {
- // The fwmark.
- int mark;
- // Net id mask of fwmark.
- int mask;
-}
diff --git a/server/binder/android/net/NativeNetworkConfig.aidl b/server/binder/android/net/NativeNetworkConfig.aidl
deleted file mode 100644
index 2c4f83a..0000000
--- a/server/binder/android/net/NativeNetworkConfig.aidl
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-import android.net.NativeNetworkType;
-import android.net.NativeVpnType;
-
-/**
- * The configuration to create a network.
- *
- * {@hide}
- */
-@JavaDerive(toString=true, equals=true)
-@JavaOnlyImmutable
-parcelable NativeNetworkConfig {
- /** The networkId to create. */
- int netId;
-
- /**
- * The type of network, e.g. physical network or virtual network.
- */
- NativeNetworkType networkType = NativeNetworkType.PHYSICAL;
-
- /**
- * For physical networks. The permission necessary to use the network. Must be one of
- * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. Ignored for all other network types.
- */
- int permission;
-
- /**
- * For virtual networks. Whether unprivileged apps are allowed to bypass the VPN. Ignored for
- * all other network types.
- */
- boolean secure;
-
- /** For virtual networks. The type of VPN to create. Ignored for all other network types. */
- NativeVpnType vpnType = NativeVpnType.PLATFORM;
-}
diff --git a/server/binder/android/net/NativeNetworkType.aidl b/server/binder/android/net/NativeNetworkType.aidl
deleted file mode 100644
index d667029..0000000
--- a/server/binder/android/net/NativeNetworkType.aidl
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-@Backing(type="int")
-enum NativeNetworkType {
- /**
- * Physical network type.
- */
- PHYSICAL = 0,
-
- /**
- * Virtual private network type.
- */
- VIRTUAL = 1,
-}
\ No newline at end of file
diff --git a/server/binder/android/net/NativeVpnType.aidl b/server/binder/android/net/NativeVpnType.aidl
deleted file mode 100644
index cd1b447..0000000
--- a/server/binder/android/net/NativeVpnType.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-@Backing(type="int")
-enum NativeVpnType {
- /**
- * A VPN created by an app using the VpnService API.
- */
- SERVICE = 1,
-
- /**
- * A VPN created using a VpnManager API such as startProvisionedVpnProfile.
- */
- PLATFORM = 2,
-
- /**
- * An IPsec VPN created by the built-in LegacyVpnRunner.
- */
- LEGACY = 3,
-
- /**
- * An VPN created by OEM code through other means than VpnService or VpnManager.
- */
- OEM = 4,
-}
\ No newline at end of file
diff --git a/server/binder/android/net/RouteInfoParcel.aidl b/server/binder/android/net/RouteInfoParcel.aidl
deleted file mode 100644
index fcc86e3..0000000
--- a/server/binder/android/net/RouteInfoParcel.aidl
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Copyright (c) 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-parcelable RouteInfoParcel {
- // The destination of the route.
- @utf8InCpp String destination;
- // The name of interface of the route. This interface should be assigned to the netID.
- @utf8InCpp String ifName;
- // The route's next hop address, or one of the NEXTHOP_* constants defined in INetd.aidl.
- @utf8InCpp String nextHop;
- // The MTU of the route.
- int mtu;
-}
diff --git a/server/binder/android/net/TetherConfigParcel.aidl b/server/binder/android/net/TetherConfigParcel.aidl
deleted file mode 100644
index 9f371ce..0000000
--- a/server/binder/android/net/TetherConfigParcel.aidl
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-/**
- * The configuration to start tethering.
- *
- * {@hide}
- */
-parcelable TetherConfigParcel {
- // Whether to enable or disable legacy DNS proxy server.
- boolean usingLegacyDnsProxy;
- // DHCP ranges to set.
- // dhcpRanges might contain many addresss {addr1, addr2, addr3, addr4...}
- // Netd splits them into ranges: addr1-addr2, addr3-addr4, etc.
- // An odd number of addrs will fail.
- @utf8InCpp String[] dhcpRanges;
-}
diff --git a/server/binder/android/net/TetherOffloadRuleParcel.aidl b/server/binder/android/net/TetherOffloadRuleParcel.aidl
deleted file mode 100644
index c549e61..0000000
--- a/server/binder/android/net/TetherOffloadRuleParcel.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-/**
- * Represents a forwarding rule for tethering offload.
- *
- * {@hide}
- */
-parcelable TetherOffloadRuleParcel {
- /** The interface index of the input interface. */
- int inputInterfaceIndex;
-
- /** The interface index of the output interface. */
- int outputInterfaceIndex;
-
- /** The base IP address of the destination prefix as a byte array. */
- byte[] destination;
-
- /** The destination prefix length. */
- int prefixLength;
-
- /** The source link-layer address. Currently, must be a 6-byte MAC address.*/
- byte[] srcL2Address;
-
- /** The destination link-layer address. Currently, must be a 6-byte MAC address. */
- byte[] dstL2Address;
-
- /** The outbound path mtu. */
- int pmtu = 1500;
-}
diff --git a/server/binder/android/net/TetherStatsParcel.aidl b/server/binder/android/net/TetherStatsParcel.aidl
deleted file mode 100644
index 6bf60a8..0000000
--- a/server/binder/android/net/TetherStatsParcel.aidl
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-/**
- * The statistics of tethering interface
- *
- * {@hide}
- */
-parcelable TetherStatsParcel {
- /**
- * Parcel representing tethering interface statistics.
- *
- * This parcel is used by tetherGetStats, tetherOffloadGetStats and
- * tetherOffloadGetAndClearStats in INetd.aidl. tetherGetStats uses this parcel to return the
- * tethering statistics since netd startup and presents the interface via its interface name.
- * Both tetherOffloadGetStats and tetherOffloadGetAndClearStats use this parcel to return
- * the tethering statistics since tethering was first started. They present the interface via
- * its interface index. Note that the interface must be presented by either interface name
- * |iface| or interface index |ifIndex| in this parcel. The unused interface name is set to
- * an empty string "" by default and the unused interface index is set to 0 by default.
- */
-
- /** The interface name. */
- @utf8InCpp String iface;
-
- /** Total number of received bytes. */
- long rxBytes;
-
- /** Total number of received packets. */
- long rxPackets;
-
- /** Total number of transmitted bytes. */
- long txBytes;
-
- /** Total number of transmitted packets. */
- long txPackets;
-
- /** The interface index. */
- int ifIndex = 0;
-}
diff --git a/server/binder/android/net/UidRangeParcel.aidl b/server/binder/android/net/UidRangeParcel.aidl
deleted file mode 100644
index 8f1fef6..0000000
--- a/server/binder/android/net/UidRangeParcel.aidl
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net;
-
-/**
- * An inclusive range of UIDs.
- *
- * {@hide}
- */
-@JavaOnlyImmutable @JavaDerive(toString=true, equals=true)
-parcelable UidRangeParcel {
- int start;
- int stop;
-}
diff --git a/server/binder/android/net/metrics/INetdEventListener.aidl b/server/binder/android/net/metrics/INetdEventListener.aidl
deleted file mode 100644
index ef1b2cb..0000000
--- a/server/binder/android/net/metrics/INetdEventListener.aidl
+++ /dev/null
@@ -1,128 +0,0 @@
-/**
- * Copyright (c) 2016, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.metrics;
-
-/**
- * Logs netd events.
- *
- * {@hide}
- */
-oneway interface INetdEventListener {
- const int EVENT_GETADDRINFO = 1;
- const int EVENT_GETHOSTBYNAME = 2;
- const int EVENT_GETHOSTBYADDR = 3;
- const int EVENT_RES_NSEND = 4;
-
- const int REPORTING_LEVEL_NONE = 0;
- const int REPORTING_LEVEL_METRICS = 1;
- const int REPORTING_LEVEL_FULL = 2;
-
- // Maximum number of IP addresses logged for DNS lookups before we truncate the full list.
- const int DNS_REPORTED_IP_ADDRESSES_LIMIT = 10;
-
- /**
- * Logs a DNS lookup function call (getaddrinfo and gethostbyname).
- *
- * @param netId the ID of the network the lookup was performed on.
- * @param eventType one of the EVENT_* constants in this interface.
- * @param returnCode the return value of the function call.
- * @param latencyMs the latency of the function call.
- * @param hostname the name that was looked up.
- * @param ipAddresses (possibly a subset of) the IP addresses returned.
- * At most {@link #DNS_REPORTED_IP_ADDRESSES_LIMIT} addresses are logged.
- * @param ipAddressesCount the number of IP addresses returned. May be different from the length
- * of ipAddresses if there were too many addresses to log.
- * @param uid the UID of the application that performed the query.
- */
- void onDnsEvent(int netId, int eventType, int returnCode, int latencyMs,
- @utf8InCpp String hostname, in @utf8InCpp String[] ipAddresses,
- int ipAddressesCount, int uid);
-
- /**
- * Represents a private DNS validation success or failure.
- *
- * @param netId the ID of the network the validation was performed on.
- * @param ipAddress the IP address for which validation was performed.
- * @param hostname the hostname for which validation was performed.
- * @param validated whether or not validation was successful.
- */
- void onPrivateDnsValidationEvent(int netId, String ipAddress, String hostname,
- boolean validated);
-
- /**
- * Logs a single connect library call.
- *
- * @param netId the ID of the network the connect was performed on.
- * @param error 0 if the connect call succeeded, otherwise errno if it failed.
- * @param latencyMs the latency of the connect call.
- * @param ipAddr destination IP address.
- * @param port destination port number.
- * @param uid the UID of the application that performed the connection.
- */
- void onConnectEvent(int netId, int error, int latencyMs, String ipAddr, int port, int uid);
-
- /**
- * Logs a single RX packet which caused the main CPU to exit sleep state.
- * @param prefix arbitrary string provided via wakeupAddInterface()
- * @param uid UID of the destination process or -1 if no UID is available.
- * @param ethertype of the RX packet encoded in an int in native order, or -1 if not available.
- * @param ipNextHeader ip protocol of the RX packet as IPPROTO_* number,
- or -1 if the packet was not IPv4 or IPv6.
- * @param dstHw destination hardware address, or 0 if not available.
- * @param srcIp source IP address, or null if not available.
- * @param dstIp destination IP address, or null if not available.
- * @param srcPort src port of RX packet in native order, or -1 if the packet was not UDP or TCP.
- * @param dstPort dst port of RX packet in native order, or -1 if the packet was not UDP or TCP.
- * @param timestampNs receive timestamp for the offending packet. In units of nanoseconds and
- * synchronized to CLOCK_MONOTONIC.
- */
- void onWakeupEvent(String prefix, int uid, int ethertype, int ipNextHeader, in byte[] dstHw,
- String srcIp, String dstIp, int srcPort, int dstPort, long timestampNs);
-
- /**
- * An event sent after every Netlink sock_diag poll performed by Netd. This reported batch
- * groups TCP socket stats aggregated by network id. Per-network data are stored in a
- * structure-of-arrays style where networkIds, sentPackets, lostPackets, rttUs, and
- * sentAckDiffMs have the same length. Stats for the i-th network is spread across all these
- * arrays at index i.
- * @param networkIds an array of network ids for which there was tcp socket stats to collect in
- * the last sock_diag poll.
- * @param sentPackets an array of packet sent across all TCP sockets still alive and new
- TCP sockets since the last sock_diag poll, summed per network id.
- * @param lostPackets, an array of packet lost across all TCP sockets still alive and new
- TCP sockets since the last sock_diag poll, summed per network id.
- * @param rttUs an array of smoothed round trip times in microseconds, averaged across all TCP
- sockets since the last sock_diag poll for a given network id.
- * @param sentAckDiffMs an array of milliseconds duration between the last packet sent and the
- last ack received for a socket, averaged across all TCP sockets for a network id.
- */
- void onTcpSocketStatsEvent(in int[] networkIds, in int[] sentPackets,
- in int[] lostPackets, in int[] rttUs, in int[] sentAckDiffMs);
-
- /**
- * Represents adding or removing a NAT64 prefix.
- *
- * @param netId the ID of the network the prefix was discovered on.
- * @param added true if the NAT64 prefix was added, or false if the NAT64 prefix was removed.
- * There is only one prefix at a time for each netId. If a prefix is added, it replaces
- * the previous-added prefix.
- * @param prefixString the detected NAT64 prefix as a string literal.
- * @param prefixLength the prefix length associated with this NAT64 prefix.
- */
- void onNat64PrefixEvent(int netId, boolean added, @utf8InCpp String prefixString,
- int prefixLength);
-}
diff --git a/tests/Android.bp b/tests/Android.bp
index 6ae752b..c5d9bb5 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -52,7 +52,7 @@
"libnetutils",
"libsysutils",
"libutils",
- "netd_aidl_interface-V6-cpp",
+ "netd_aidl_interface-V7-cpp",
],
}
@@ -107,7 +107,7 @@
"libnetdbpf",
"libnetdutils",
"libqtaguid",
- "netd_aidl_interface-V6-cpp",
+ "netd_aidl_interface-V7-cpp",
"netd_event_listener_interface-V1-cpp",
"oemnetd_aidl_interface-cpp",
],
diff --git a/tests/benchmarks/Android.bp b/tests/benchmarks/Android.bp
index 00c28eb..2aa8df0 100644
--- a/tests/benchmarks/Android.bp
+++ b/tests/benchmarks/Android.bp
@@ -22,10 +22,10 @@
],
static_libs: [
"libnetd_test_dnsresponder_ndk",
- "dnsresolver_aidl_interface-lateststable-ndk_platform",
+ "dnsresolver_aidl_interface-lateststable-ndk",
"netd_aidl_interface-lateststable-cpp", // system/netd/server/UidRanges.h
- "netd_aidl_interface-lateststable-ndk_platform",
- "netd_event_listener_interface-lateststable-ndk_platform",
+ "netd_aidl_interface-lateststable-ndk",
+ "netd_event_listener_interface-lateststable-ndk",
],
aidl: {
include_dirs: ["system/netd/server/binder"],
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index 69d1f9b..e80296a 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -43,7 +43,6 @@
#include <openssl/base64.h>
#include <sys/socket.h>
#include <sys/types.h>
-#include <sys/utsname.h>
#include <android-base/file.h>
#include <android-base/format.h>
@@ -109,8 +108,10 @@
using android::net::NativeNetworkConfig;
using android::net::NativeNetworkType;
using android::net::NativeVpnType;
+using android::net::RULE_PRIORITY_BYPASSABLE_VPN;
using android::net::RULE_PRIORITY_DEFAULT_NETWORK;
using android::net::RULE_PRIORITY_EXPLICIT_NETWORK;
+using android::net::RULE_PRIORITY_OUTPUT_INTERFACE;
using android::net::RULE_PRIORITY_PROHIBIT_NON_VPN;
using android::net::RULE_PRIORITY_SECURE_VPN;
using android::net::RULE_PRIORITY_TETHERING;
@@ -124,6 +125,8 @@
using android::net::TetherStatsParcel;
using android::net::TunInterface;
using android::net::UidRangeParcel;
+using android::net::UidRanges;
+using android::net::netd::aidl::NativeUidRangeConfig;
using android::netdutils::IPAddress;
using android::netdutils::ScopedAddrinfo;
using android::netdutils::sSyscalls;
@@ -134,6 +137,7 @@
static const int TEST_NETID1 = 65501;
static const int TEST_NETID2 = 65502;
static const int TEST_NETID3 = 65503;
+static const int TEST_NETID4 = 65504;
static const int TEST_DUMP_NETID = 65123;
static const char* DNSMASQ = "dnsmasq";
@@ -142,6 +146,9 @@
static const int TEST_UID1 = 99999;
static const int TEST_UID2 = 99998;
static const int TEST_UID3 = 99997;
+static const int TEST_UID4 = 99996;
+static const int TEST_UID5 = 99995;
+static const int TEST_UID6 = 99994;
constexpr int BASE_UID = AID_USER_OFFSET * 5;
@@ -170,6 +177,7 @@
mNetd->networkDestroy(TEST_NETID1);
mNetd->networkDestroy(TEST_NETID2);
mNetd->networkDestroy(TEST_NETID3);
+ mNetd->networkDestroy(TEST_NETID4);
setNetworkForProcess(NETID_UNSET);
// Restore default network
if (mStoredDefaultNetwork >= 0) mNetd->networkSetDefault(mStoredDefaultNetwork);
@@ -182,9 +190,11 @@
ASSERT_EQ(0, sTun.init());
ASSERT_EQ(0, sTun2.init());
ASSERT_EQ(0, sTun3.init());
+ ASSERT_EQ(0, sTun4.init());
ASSERT_LE(sTun.name().size(), static_cast<size_t>(IFNAMSIZ));
ASSERT_LE(sTun2.name().size(), static_cast<size_t>(IFNAMSIZ));
ASSERT_LE(sTun3.name().size(), static_cast<size_t>(IFNAMSIZ));
+ ASSERT_LE(sTun4.name().size(), static_cast<size_t>(IFNAMSIZ));
}
static void TearDownTestCase() {
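Review bot: The added `ASSERT_LE(sTun4.name().size(), static_cast<size_t>(IFNAMSIZ))` repeats a bound that is one too loose, because `IFNAMSIZ` counts the terminating NUL and a valid interface name has at most `IFNAMSIZ - 1` characters. `ASSERT_LT(sTun4.name().size(), static_cast<size_t>(IFNAMSIZ));` states the real limit. The same applies to the three existing checks for `sTun`, `sTun2` and `sTun3`. The enclosing setup function begins outside this hunk.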
@@ -192,6 +202,7 @@
sTun.destroy();
sTun2.destroy();
sTun3.destroy();
+ sTun4.destroy();
}
static void fakeRemoteSocketPair(unique_fd* clientSocket, unique_fd* serverSocket,
@@ -224,11 +235,13 @@
static TunInterface sTun;
static TunInterface sTun2;
static TunInterface sTun3;
+ static TunInterface sTun4;
};
TunInterface NetdBinderTest::sTun;
TunInterface NetdBinderTest::sTun2;
TunInterface NetdBinderTest::sTun3;
+TunInterface NetdBinderTest::sTun4;
class TimedOperation : public Stopwatch {
public:
@@ -551,14 +564,22 @@
}
static bool ipRuleExistsForRange(const uint32_t priority, const UidRangeParcel& range,
- const std::string& action, const char* ipVersion) {
+ const std::string& action, const char* ipVersion,
+ const char* oif) {
// Output looks like this:
+ // "<priority>:\tfrom all iif lo oif netdc0ca6 uidrange 500000-500000 lookup netdc0ca6"
// "<priority>:\tfrom all fwmark 0x0/0x20000 iif lo uidrange 1000-2000 prohibit"
std::vector<std::string> rules = listIpRules(ipVersion);
std::string prefix = StringPrintf("%" PRIu32 ":", priority);
- std::string suffix =
- StringPrintf(" iif lo uidrange %d-%d %s\n", range.start, range.stop, action.c_str());
+ std::string suffix;
+ if (oif) {
+ suffix = StringPrintf(" iif lo oif %s uidrange %d-%d %s\n", oif, range.start, range.stop,
+ action.c_str());
+ } else {
+ suffix = StringPrintf(" iif lo uidrange %d-%d %s\n", range.start, range.stop,
+ action.c_str());
+ }
for (const auto& line : rules) {
if (android::base::StartsWith(line, prefix) && android::base::EndsWith(line, suffix)) {
return true;
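Review bot: The new `oif` parameter of the five-argument `ipRuleExistsForRange` treats only `nullptr` as "no output interface", and that contract is not documented. An empty string would take the `if (oif)` branch and build a suffix containing ` oif  uidrange`, which no rule line ends with. The helper would then return false, so a negative expectation on it would pass without having checked anything. Either guard with `if (oif && *oif)` or state the contract above the function, e.g. `// oif: expected output interface name, or nullptr to match rules that have no oif clause`. The end of the function body lies outside this hunk.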
@@ -567,14 +588,20 @@
return false;
}
+// Overloads function with oif parameter for VPN rules compare.
static bool ipRuleExistsForRange(const uint32_t priority, const UidRangeParcel& range,
- const std::string& action) {
- bool existsIp4 = ipRuleExistsForRange(priority, range, action, IP_RULE_V4);
- bool existsIp6 = ipRuleExistsForRange(priority, range, action, IP_RULE_V6);
+ const std::string& action, const char* oif) {
+ bool existsIp4 = ipRuleExistsForRange(priority, range, action, IP_RULE_V4, oif);
+ bool existsIp6 = ipRuleExistsForRange(priority, range, action, IP_RULE_V6, oif);
EXPECT_EQ(existsIp4, existsIp6);
return existsIp4;
}
+static bool ipRuleExistsForRange(const uint32_t priority, const UidRangeParcel& range,
+ const std::string& action) {
+ return ipRuleExistsForRange(priority, range, action, nullptr);
+}
+
namespace {
UidRangeParcel makeUidRangeParcel(int start, int stop) {
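Review bot: The four-argument call shape `ipRuleExistsForRange(priority, range, action, const char*)` silently changes meaning here, since its last parameter used to be `ipVersion` and is now `oif`. Any call site outside this hunk that still passes `IP_RULE_V4` or `IP_RULE_V6` in that position would compile unchanged and search for an output interface with that name. No such caller is visible in this hunk, so this should be confirmed across the file. Giving the oif variant a distinct name would turn that mistake into a compile error. The added comment would also read more clearly as `// Checks both IPv4 and IPv6 rules; oif is the expected output interface, or nullptr for rules without one.`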
@@ -585,6 +612,17 @@
return res;
}
+NativeUidRangeConfig makeNativeUidRangeConfig(unsigned netId,
+ std::vector<UidRangeParcel>&& uidRanges,
+ uint32_t subPriority) {
+ NativeUidRangeConfig res;
+ res.netId = netId;
+ res.uidRanges = uidRanges;
+ res.subPriority = subPriority;
+
+ return res;
+}
+
} // namespace
TEST_F(NetdBinderTest, NetworkInterfaces) {
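Review bot: `makeNativeUidRangeConfig` takes `uidRanges` as an rvalue reference but then copies it, because a named rvalue reference is an lvalue inside the function. `res.uidRanges = uidRanges;` should be `res.uidRanges = std::move(uidRanges);`. As written, callers must hand over a temporary or wrap the argument in `std::move`, yet still pay for a full copy. Separately, `netId` is `unsigned` and `subPriority` is `uint32_t`, while the parcel's field types are not visible here, so it is worth confirming the assignments do not change signedness against the generated `NativeUidRangeConfig`.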
@@ -1229,16 +1267,6 @@
} // namespace
TEST_F(NetdBinderTest, IdletimerAddRemoveInterface) {
- // TODO(b/175745224): Temporarily disable idletimer test on >5.10 kernels
- utsname u;
- if (!uname(&u)) {
- unsigned long major, minor;
- char *p;
- major = strtoul(u.release, &p, 10);
- minor = strtoul(++p, NULL, 10);
- if (major > 5 || (major == 5 && minor >= 10)) return;
- }
-
// TODO: We will get error in if expectIdletimerInterfaceRuleNotExists if there are the same
// rule in the table. Because we only check the result after calling remove function. We might
// check the actual rule which is removed by our function (maybe compare the results between
@@ -2392,11 +2420,14 @@
}
void expectFirewallDenylistMode() {
- for (const auto& binary : {IPTABLES_PATH, IP6TABLES_PATH}) {
- EXPECT_EQ(2, iptablesRuleLineLength(binary, FIREWALL_INPUT));
- EXPECT_EQ(2, iptablesRuleLineLength(binary, FIREWALL_OUTPUT));
- EXPECT_EQ(2, iptablesRuleLineLength(binary, FIREWALL_FORWARD));
- }
+ EXPECT_EQ(2, iptablesRuleLineLength(IPTABLES_PATH, FIREWALL_INPUT));
+ EXPECT_EQ(2, iptablesRuleLineLength(IPTABLES_PATH, FIREWALL_OUTPUT));
+ EXPECT_EQ(2, iptablesRuleLineLength(IPTABLES_PATH, FIREWALL_FORWARD));
+
+ // for IPv6 there is an extra OUTPUT rule to DROP ::1 sourced packets to non-loopback devices
+ EXPECT_EQ(2, iptablesRuleLineLength(IP6TABLES_PATH, FIREWALL_INPUT));
+ EXPECT_EQ(3, iptablesRuleLineLength(IP6TABLES_PATH, FIREWALL_OUTPUT));
+ EXPECT_EQ(2, iptablesRuleLineLength(IP6TABLES_PATH, FIREWALL_FORWARD));
}
bool iptablesFirewallInterfaceFirstRuleExists(const char* binary, const char* chainName,
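Review bot: The new IPv6 expectation `EXPECT_EQ(3, iptablesRuleLineLength(IP6TABLES_PATH, FIREWALL_OUTPUT));` pins only a line count, so any unrelated third line in the chain would satisfy it just as well as the `::1` DROP rule the comment describes. For a firewall check, I would also assert on the rule text itself: that the OUTPUT listing contains a DROP entry with source `::1`. This would use whichever chain-listing helper the file already has, which is not visible in this hunk. At minimum, extend the comment to say `// Only the rule count is checked; the content of the ::1 DROP rule is not verified here.` so a reader does not assume more coverage than exists.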
@@ -3948,32 +3979,69 @@
#define VPN_NETID TEST_NETID3
void verifyAppUidRules(std::vector<bool>&& expectedResults, std::vector<UidRangeParcel>& uidRanges,
- const std::string& iface) {
+ const std::string& iface, uint32_t subPriority) {
ASSERT_EQ(expectedResults.size(), uidRanges.size());
if (iface.size()) {
std::string action = StringPrintf("lookup %s ", iface.c_str());
for (unsigned long i = 0; i < uidRanges.size(); i++) {
- EXPECT_EQ(expectedResults[i], ipRuleExistsForRange(RULE_PRIORITY_UID_EXPLICIT_NETWORK,
- uidRanges[i], action));
- EXPECT_EQ(expectedResults[i], ipRuleExistsForRange(RULE_PRIORITY_UID_IMPLICIT_NETWORK,
- uidRanges[i], action));
- EXPECT_EQ(expectedResults[i], ipRuleExistsForRange(RULE_PRIORITY_UID_DEFAULT_NETWORK,
- uidRanges[i], action));
+ EXPECT_EQ(expectedResults[i],
+ ipRuleExistsForRange(RULE_PRIORITY_UID_EXPLICIT_NETWORK + subPriority,
+ uidRanges[i], action));
+ EXPECT_EQ(expectedResults[i],
+ ipRuleExistsForRange(RULE_PRIORITY_UID_IMPLICIT_NETWORK + subPriority,
+ uidRanges[i], action));
+ EXPECT_EQ(expectedResults[i],
+ ipRuleExistsForRange(RULE_PRIORITY_UID_DEFAULT_NETWORK + subPriority,
+ uidRanges[i], action));
}
} else {
std::string action = "unreachable";
for (unsigned long i = 0; i < uidRanges.size(); i++) {
- EXPECT_EQ(expectedResults[i], ipRuleExistsForRange(RULE_PRIORITY_UID_EXPLICIT_NETWORK,
- uidRanges[i], action));
- EXPECT_EQ(expectedResults[i], ipRuleExistsForRange(RULE_PRIORITY_UID_IMPLICIT_NETWORK,
- uidRanges[i], action));
EXPECT_EQ(expectedResults[i],
- ipRuleExistsForRange(RULE_PRIORITY_UID_DEFAULT_UNREACHABLE, uidRanges[i],
- action));
+ ipRuleExistsForRange(RULE_PRIORITY_UID_EXPLICIT_NETWORK + subPriority,
+ uidRanges[i], action));
+ EXPECT_EQ(expectedResults[i],
+ ipRuleExistsForRange(RULE_PRIORITY_UID_IMPLICIT_NETWORK + subPriority,
+ uidRanges[i], action));
+ EXPECT_EQ(expectedResults[i],
+ ipRuleExistsForRange(RULE_PRIORITY_UID_DEFAULT_UNREACHABLE + subPriority,
+ uidRanges[i], action));
}
}
}
+void verifyAppUidRules(std::vector<bool>&& expectedResults, NativeUidRangeConfig& uidRangeConfig,
+ const std::string& iface) {
+ verifyAppUidRules(move(expectedResults), uidRangeConfig.uidRanges, iface,
+ uidRangeConfig.subPriority);
+}
+
+void verifyVpnUidRules(std::vector<bool>&& expectedResults, NativeUidRangeConfig& uidRangeConfig,
+ const std::string& iface, bool secure) {
+ ASSERT_EQ(expectedResults.size(), uidRangeConfig.uidRanges.size());
+ std::string action = StringPrintf("lookup %s ", iface.c_str());
+
+ uint32_t priority;
+ if (secure) {
+ priority = RULE_PRIORITY_SECURE_VPN;
+ } else {
+ priority = RULE_PRIORITY_BYPASSABLE_VPN;
+ }
+ for (unsigned long i = 0; i < uidRangeConfig.uidRanges.size(); i++) {
+ EXPECT_EQ(expectedResults[i], ipRuleExistsForRange(priority + uidRangeConfig.subPriority,
+ uidRangeConfig.uidRanges[i], action));
+ EXPECT_EQ(expectedResults[i],
+ ipRuleExistsForRange(RULE_PRIORITY_EXPLICIT_NETWORK + uidRangeConfig.subPriority,
+ uidRangeConfig.uidRanges[i], action));
+ EXPECT_EQ(expectedResults[i],
+ ipRuleExistsForRange(RULE_PRIORITY_OUTPUT_INTERFACE + uidRangeConfig.subPriority,
+ uidRangeConfig.uidRanges[i], action, iface.c_str()));
+ }
+}
+
+constexpr int SUB_PRIORITY_1 = UidRanges::DEFAULT_SUB_PRIORITY + 1;
+constexpr int SUB_PRIORITY_2 = UidRanges::DEFAULT_SUB_PRIORITY + 2;
+
constexpr int IMPLICITLY_SELECT = 0;
constexpr int EXPLICITLY_SELECT = 1;
constexpr int UNCONNECTED_SOCKET = 2;
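Review bot: The forwarding overload of `verifyAppUidRules` calls `move(expectedResults)` unqualified, which resolves only through argument-dependent lookup or a using-declaration not visible in this hunk, and which newer Clang versions warn about. Write `verifyAppUidRules(std::move(expectedResults), uidRangeConfig.uidRanges, iface,` instead. Both new helpers also take `NativeUidRangeConfig& uidRangeConfig` although they only read it; `const NativeUidRangeConfig&` would state that. For the `verifyAppUidRules` overload, the existing `std::vector<UidRangeParcel>& uidRanges` parameter would need to become const as well. Separately, the two branches of the four-argument `verifyAppUidRules` now differ only in `action` and the third priority constant, so they could share one loop.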
@@ -4087,18 +4155,24 @@
makeUidRangeParcel(BASE_UID + 8090, BASE_UID + 8099)};
EXPECT_TRUE(mNetd->networkAddUidRanges(APP_DEFAULT_NETID, uidRanges).isOk());
- verifyAppUidRules({true, true} /*expectedResults*/, uidRanges, sTun.name());
+ verifyAppUidRules({true, true} /*expectedResults*/, uidRanges, sTun.name(),
+ UidRanges::DEFAULT_SUB_PRIORITY);
EXPECT_TRUE(mNetd->networkRemoveUidRanges(APP_DEFAULT_NETID, {uidRanges.at(0)}).isOk());
- verifyAppUidRules({false, true} /*expectedResults*/, uidRanges, sTun.name());
+ verifyAppUidRules({false, true} /*expectedResults*/, uidRanges, sTun.name(),
+ UidRanges::DEFAULT_SUB_PRIORITY);
EXPECT_TRUE(mNetd->networkRemoveUidRanges(APP_DEFAULT_NETID, {uidRanges.at(1)}).isOk());
- verifyAppUidRules({false, false} /*expectedResults*/, uidRanges, sTun.name());
+ verifyAppUidRules({false, false} /*expectedResults*/, uidRanges, sTun.name(),
+ UidRanges::DEFAULT_SUB_PRIORITY);
EXPECT_TRUE(mNetd->networkAddUidRanges(INetd::UNREACHABLE_NET_ID, uidRanges).isOk());
- verifyAppUidRules({true, true} /*expectedResults*/, uidRanges, "");
+ verifyAppUidRules({true, true} /*expectedResults*/, uidRanges, "",
+ UidRanges::DEFAULT_SUB_PRIORITY);
EXPECT_TRUE(mNetd->networkRemoveUidRanges(INetd::UNREACHABLE_NET_ID, {uidRanges.at(0)}).isOk());
- verifyAppUidRules({false, true} /*expectedResults*/, uidRanges, "");
+ verifyAppUidRules({false, true} /*expectedResults*/, uidRanges, "",
+ UidRanges::DEFAULT_SUB_PRIORITY);
EXPECT_TRUE(mNetd->networkRemoveUidRanges(INetd::UNREACHABLE_NET_ID, {uidRanges.at(1)}).isOk());
- verifyAppUidRules({false, false} /*expectedResults*/, uidRanges, "");
+ verifyAppUidRules({false, false} /*expectedResults*/, uidRanges, "",
+ UidRanges::DEFAULT_SUB_PRIORITY);
}
// Verify whether packets go through the right network with and without per-app default network.
@@ -4420,3 +4494,211 @@
wrongConfig.vpnType = static_cast<NativeVpnType>(-1);
EXPECT_EQ(EINVAL, mNetd->networkCreate(wrongConfig).serviceSpecificErrorCode());
}
+
+// Verifies valid and invalid inputs on networkAddUidRangesParcel method.
+TEST_F(NetdBinderTest, UidRangeSubPriority_ValidateInputs) {
+ createVpnAndOtherPhysicalNetwork(SYSTEM_DEFAULT_NETID, APP_DEFAULT_NETID, VPN_NETID,
+ /*isSecureVPN=*/true);
+ // Invalid priority -1 on a physical network.
+ NativeUidRangeConfig uidRangeConfig =
+ makeNativeUidRangeConfig(APP_DEFAULT_NETID, {makeUidRangeParcel(BASE_UID, BASE_UID)},
+ UidRanges::DEFAULT_SUB_PRIORITY - 1);
+ binder::Status status = mNetd->networkAddUidRangesParcel(uidRangeConfig);
+ EXPECT_FALSE(status.isOk());
+ EXPECT_EQ(EINVAL, status.serviceSpecificErrorCode());
+
+ // Invalid priority 1000 on a physical network.
+ uidRangeConfig.subPriority = UidRanges::LOWEST_SUB_PRIORITY + 1;
+ status = mNetd->networkAddUidRangesParcel(uidRangeConfig);
+ EXPECT_FALSE(status.isOk());
+ EXPECT_EQ(EINVAL, status.serviceSpecificErrorCode());
+
+ // Virtual networks support only default priority.
+ uidRangeConfig.netId = VPN_NETID;
+ uidRangeConfig.subPriority = SUB_PRIORITY_1;
+ status = mNetd->networkAddUidRangesParcel(uidRangeConfig);
+ EXPECT_FALSE(status.isOk());
+ EXPECT_EQ(EINVAL, status.serviceSpecificErrorCode());
+
+ // For a single network, identical UID ranges with different priorities are allowed.
+ uidRangeConfig.netId = APP_DEFAULT_NETID;
+ uidRangeConfig.subPriority = SUB_PRIORITY_1;
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig).isOk());
+ uidRangeConfig.subPriority = SUB_PRIORITY_2;
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig).isOk());
+
+ // For a single network, identical UID ranges with the same priority is invalid.
+ status = mNetd->networkAddUidRangesParcel(uidRangeConfig);
+ EXPECT_FALSE(status.isOk());
+ EXPECT_EQ(EINVAL, status.serviceSpecificErrorCode());
+
+ // Overlapping ranges is invalid.
+ uidRangeConfig.uidRanges = {makeUidRangeParcel(BASE_UID + 1, BASE_UID + 1),
+ makeUidRangeParcel(BASE_UID + 1, BASE_UID + 1)};
+ status = mNetd->networkAddUidRangesParcel(uidRangeConfig);
+ EXPECT_FALSE(status.isOk());
+ EXPECT_EQ(EINVAL, status.serviceSpecificErrorCode());
+}
+
+// Examines whether IP rules for app default network with subsidiary priorities are correctly added
+// and removed.
+TEST_F(NetdBinderTest, UidRangeSubPriority_VerifyPhysicalNwIpRules) {
+ createPhysicalNetwork(TEST_NETID1, sTun.name());
+ EXPECT_TRUE(mNetd->networkAddRoute(TEST_NETID1, sTun.name(), "::/0", "").isOk());
+ createPhysicalNetwork(TEST_NETID2, sTun2.name());
+ EXPECT_TRUE(mNetd->networkAddRoute(TEST_NETID2, sTun2.name(), "::/0", "").isOk());
+
+ // Adds priority 1 setting
+ NativeUidRangeConfig uidRangeConfig1 = makeNativeUidRangeConfig(
+ TEST_NETID1, {makeUidRangeParcel(BASE_UID, BASE_UID)}, SUB_PRIORITY_1);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig1).isOk());
+ verifyAppUidRules({true}, uidRangeConfig1, sTun.name());
+ // Adds priority 2 setting
+ NativeUidRangeConfig uidRangeConfig2 = makeNativeUidRangeConfig(
+ TEST_NETID2, {makeUidRangeParcel(BASE_UID + 1, BASE_UID + 1)}, SUB_PRIORITY_2);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig2).isOk());
+ verifyAppUidRules({true}, uidRangeConfig2, sTun2.name());
+ // Adds another priority 2 setting
+ NativeUidRangeConfig uidRangeConfig3 = makeNativeUidRangeConfig(
+ INetd::UNREACHABLE_NET_ID, {makeUidRangeParcel(BASE_UID + 2, BASE_UID + 2)},
+ SUB_PRIORITY_2);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig3).isOk());
+ verifyAppUidRules({true}, uidRangeConfig3, "");
+
+ // Removes.
+ EXPECT_TRUE(mNetd->networkRemoveUidRangesParcel(uidRangeConfig1).isOk());
+ verifyAppUidRules({false}, uidRangeConfig1, sTun.name());
+ verifyAppUidRules({true}, uidRangeConfig2, sTun2.name());
+ verifyAppUidRules({true}, uidRangeConfig3, "");
+ EXPECT_TRUE(mNetd->networkRemoveUidRangesParcel(uidRangeConfig2).isOk());
+ verifyAppUidRules({false}, uidRangeConfig1, sTun.name());
+ verifyAppUidRules({false}, uidRangeConfig2, sTun2.name());
+ verifyAppUidRules({true}, uidRangeConfig3, "");
+ EXPECT_TRUE(mNetd->networkRemoveUidRangesParcel(uidRangeConfig3).isOk());
+ verifyAppUidRules({false}, uidRangeConfig1, sTun.name());
+ verifyAppUidRules({false}, uidRangeConfig2, sTun2.name());
+ verifyAppUidRules({false}, uidRangeConfig3, "");
+}
+
+// Verify uid range rules on virtual network.
+TEST_P(VpnParameterizedTest, UidRangeSubPriority_VerifyVpnIpRules) {
+ const bool isSecureVPN = GetParam();
+ constexpr int VPN_NETID2 = TEST_NETID2;
+
+ // Create 2 VPNs, using sTun and sTun2.
+ auto config = makeNativeNetworkConfig(VPN_NETID, NativeNetworkType::VIRTUAL,
+ INetd::PERMISSION_NONE, isSecureVPN);
+ EXPECT_TRUE(mNetd->networkCreate(config).isOk());
+ EXPECT_TRUE(mNetd->networkAddInterface(VPN_NETID, sTun.name()).isOk());
+
+ config = makeNativeNetworkConfig(VPN_NETID2, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE,
+ isSecureVPN);
+ EXPECT_TRUE(mNetd->networkCreate(config).isOk());
+ EXPECT_TRUE(mNetd->networkAddInterface(VPN_NETID2, sTun2.name()).isOk());
+
+ // Assign uid ranges to different VPNs. Check if rules match.
+ NativeUidRangeConfig uidRangeConfig1 = makeNativeUidRangeConfig(
+ VPN_NETID, {makeUidRangeParcel(BASE_UID, BASE_UID)}, UidRanges::DEFAULT_SUB_PRIORITY);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig1).isOk());
+ verifyVpnUidRules({true}, uidRangeConfig1, sTun.name(), isSecureVPN);
+
+ NativeUidRangeConfig uidRangeConfig2 =
+ makeNativeUidRangeConfig(VPN_NETID2, {makeUidRangeParcel(BASE_UID + 1, BASE_UID + 1)},
+ UidRanges::DEFAULT_SUB_PRIORITY);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig2).isOk());
+ verifyVpnUidRules({true}, uidRangeConfig2, sTun2.name(), isSecureVPN);
+
+ // Remove uid configs one-by-one. Check if rules match.
+ EXPECT_TRUE(mNetd->networkRemoveUidRangesParcel(uidRangeConfig1).isOk());
+ verifyVpnUidRules({false}, uidRangeConfig1, sTun.name(), isSecureVPN);
+ verifyVpnUidRules({true}, uidRangeConfig2, sTun2.name(), isSecureVPN);
+ EXPECT_TRUE(mNetd->networkRemoveUidRangesParcel(uidRangeConfig2).isOk());
+ verifyVpnUidRules({false}, uidRangeConfig1, sTun.name(), isSecureVPN);
+ verifyVpnUidRules({false}, uidRangeConfig2, sTun2.name(), isSecureVPN);
+}
+
+// Verify if packets go through the right network when subsidiary priority and VPN works together.
+//
+// Test config:
+// +----------+------------------------+-------------------------------------------+
+// | Priority | UID | Assigned Network |
+// +----------+------------------------+-------------------------------------------+
+// | 0 | TEST_UID1 | VPN bypassable (VPN_NETID) |
+// +----------+------------------------+-------------------------------------------+
+// | 1 | TEST_UID1, TEST_UID2, | Physical Network 1 (APP_DEFAULT_1_NETID) |
+// | 1 | TEST_UID3 | Physical Network 2 (APP_DEFAULT_2_NETID) |
+// | 1 | TEST_UID5 | Unreachable Network (UNREACHABLE_NET_ID) |
+// +----------+------------------------+-------------------------------------------+
+// | 2 | TEST_UID3 | Physical Network 1 (APP_DEFAULT_1_NETID) |
+// | 2 | TEST_UID4, TEST_UID5 | Physical Network 2 (APP_DEFAULT_2_NETID) |
+// +----------+------------------------+-------------------------------------------+
+//
+// Expected results:
+// +-----------+------------------------+
+// | UID | Using Network |
+// +-----------+------------------------+
+// | TEST_UID1 | VPN |
+// | TEST_UID2 | Physical Network 1 |
+// | TEST_UID3 | Physical Network 2 |
+// | TEST_UID4 | Physical Network 2 |
+// | TEST_UID5 | Unreachable Network |
+// | TEST_UID6 | System Default Network |
+// +-----------+------------------------+
+//
+// SYSTEM_DEFAULT_NETID uses sTun.
+// APP_DEFAULT_1_NETID uses sTun2.
+// VPN_NETID uses sTun3.
+// APP_DEFAULT_2_NETID uses sTun4.
+//
+TEST_F(NetdBinderTest, UidRangeSubPriority_ImplicitlySelectNetwork) {
+ constexpr int APP_DEFAULT_1_NETID = TEST_NETID2;
+ constexpr int APP_DEFAULT_2_NETID = TEST_NETID4;
+
+ // Creates 4 networks.
+ createVpnAndOtherPhysicalNetwork(SYSTEM_DEFAULT_NETID, APP_DEFAULT_1_NETID, VPN_NETID,
+ /*isSecureVPN=*/false);
+ createPhysicalNetwork(APP_DEFAULT_2_NETID, sTun4.name());
+ EXPECT_TRUE(mNetd->networkAddRoute(APP_DEFAULT_2_NETID, sTun4.name(), "::/0", "").isOk());
+
+ // Adds VPN setting.
+ NativeUidRangeConfig uidRangeConfigVpn = makeNativeUidRangeConfig(
+ VPN_NETID, {makeUidRangeParcel(TEST_UID1, TEST_UID1)}, UidRanges::DEFAULT_SUB_PRIORITY);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfigVpn).isOk());
+
+ // Adds uidRangeConfig1 setting.
+ NativeUidRangeConfig uidRangeConfig1 = makeNativeUidRangeConfig(
+ APP_DEFAULT_1_NETID,
+ {makeUidRangeParcel(TEST_UID1, TEST_UID1), makeUidRangeParcel(TEST_UID2, TEST_UID2)},
+ SUB_PRIORITY_1);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig1).isOk());
+ uidRangeConfig1.netId = APP_DEFAULT_2_NETID;
+ uidRangeConfig1.uidRanges = {makeUidRangeParcel(TEST_UID3, TEST_UID3)};
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig1).isOk());
+ uidRangeConfig1.netId = INetd::UNREACHABLE_NET_ID;
+ uidRangeConfig1.uidRanges = {makeUidRangeParcel(TEST_UID5, TEST_UID5)};
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig1).isOk());
+
+ // Adds uidRangeConfig2 setting.
+ NativeUidRangeConfig uidRangeConfig2 = makeNativeUidRangeConfig(
+ APP_DEFAULT_1_NETID, {makeUidRangeParcel(TEST_UID3, TEST_UID3)}, SUB_PRIORITY_2);
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig2).isOk());
+ uidRangeConfig2.netId = APP_DEFAULT_2_NETID;
+ uidRangeConfig2.uidRanges = {makeUidRangeParcel(TEST_UID4, TEST_UID4),
+ makeUidRangeParcel(TEST_UID5, TEST_UID5)};
+ EXPECT_TRUE(mNetd->networkAddUidRangesParcel(uidRangeConfig2).isOk());
+
+ int systemDefaultFd = sTun.getFdForTesting();
+ int appDefault_1_Fd = sTun2.getFdForTesting();
+ int vpnFd = sTun3.getFdForTesting();
+ int appDefault_2_Fd = sTun4.getFdForTesting();
+ // Verify routings.
+ expectPacketSentOnNetId(TEST_UID1, VPN_NETID, vpnFd, IMPLICITLY_SELECT);
+ expectPacketSentOnNetId(TEST_UID2, APP_DEFAULT_1_NETID, appDefault_1_Fd, IMPLICITLY_SELECT);
+ expectPacketSentOnNetId(TEST_UID3, APP_DEFAULT_2_NETID, appDefault_2_Fd, IMPLICITLY_SELECT);
+ expectPacketSentOnNetId(TEST_UID4, APP_DEFAULT_2_NETID, appDefault_2_Fd, IMPLICITLY_SELECT);
+ expectUnreachableError(TEST_UID5, INetd::UNREACHABLE_NET_ID, IMPLICITLY_SELECT);
+ expectPacketSentOnNetId(TEST_UID6, SYSTEM_DEFAULT_NETID, systemDefaultFd, IMPLICITLY_SELECT);
+
+ // Remove test rules from the unreachable network.
+ EXPECT_TRUE(mNetd->networkRemoveUidRangesParcel(uidRangeConfig1).isOk());
+}
\ No newline at end of file
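Review bot: In `UidRangeSubPriority_ValidateInputs`, the "Overlapping ranges is invalid" case passes two identical single-UID ranges, so the EINVAL may come from a duplicate check rather than from real overlap detection. A partially overlapping pair would exercise the validation the comment names, for example `{makeUidRangeParcel(BASE_UID + 1, BASE_UID + 3), makeUidRangeParcel(BASE_UID + 2, BASE_UID + 4)}` (values constructed for illustration). The same test also adds ranges at `SUB_PRIORITY_1` and `SUB_PRIORITY_2` on `APP_DEFAULT_NETID` and never removes them. If the fixture teardown, which is not visible here, does not destroy the networks, those rules would leak into later tests. Lastly, the comment "Invalid priority 1000" hard-codes a value the code derives from `UidRanges::LOWEST_SUB_PRIORITY + 1`; I would word it as `// Invalid priority: one past LOWEST_SUB_PRIORITY on a physical network.`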