Allow framework-connectivity to depend on framework-connectivity-t
stubs, and framework-connectivity-t to depend on prebuilt (to avoid
circular dependencies) framework-connectivity stubs to compile its own
stubs, and framework-connectivity.impl to compile its implementation.

Also reorganize jarjar rules so that service and framework jar can use
static libraries in framework-connectivity without packaging their own,
reducing duplicate code.

Bug: 204830222
Test: m
Change-Id: I75c34986e7c479de23cdb2e9b360fa1fede018c9

Nearby will be merged together with the tethering/connectivity APEX, so
that module maintenance efforts can be reduced, and the two codebases
can evolve the interfaces that they expose to each other over time.

This is a cherry-pick from downstream branches, with some differences:
 - nearby/Android.bp is added with empty libraries
 - There is no API change, as no API classes are added
 - proguard is not applied, so no proguard rules change
 - HalfSheetUX APK is not added to the APEX

Bug: 189355156
Test: m
Merged-In: If4b40689a257d2806f895cd2dded97fc699adc5f
Change-Id: I2eb965a0965ffce08388278945160e57e8094339

* changes:
  Prevent native_init from starting TrafficController
  Remove libutils dependency from libservice-connectivity
  Merge libtraffic_controller_jni into libservice-connectivity
  [NETD-TC#15] Make ConnectivityService and PermissionMonitor calls BpfNetMaps on T

* changes:
  Expose access UIDs.
  Send access UIDs to netd
  Add accessUids to NetworkCapabilities.
  Clean up restrictions on network agent capabilities
  Sanitize NetworkCapabilities from agent on the handler thread

TrafficController is currently still started by netd, and this should
not happen in two places. Instead, native_init should init (open) the
maps.

Test: atest FrameworksNetTests
Change-Id: Ifd6be50aa5f62e59a5b1c5c0a97550389fd0e7e1

Remove libutils dependency.

Test: m
Change-Id: I857e40c984bcce2931b5068b3b96d2c9dd69693c

There is not really a point to separate these two as they are all used
in ConnectivityService.
As a future TODO, we might want to rename libservice-connectivity to
libcom_android_server_jni to be more inline with the jarjar'ed jni lib
versions.

Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I1b9f4fde345038bda6b3ffcf8e3f47cf9262e052

calls BpfNetMaps on T

Since TrafficController moves to mainline module for T, so some netd binder
interfaces revelant to BPF are going to deprecated. Provide JNI APIs to
call TrafficController inside mainline module for T.

Bug: 209935649
Test: atest CtsHostsideNetworkTests
Change-Id: Ib3b43cf2840e02806395af9f1e019ca6fccd032e

CTS already have basic tests for this since they run the common tests,
which were using these hidden methods already.

Test: CtsNetTestCases
Change-Id: Id5e5b911f5c63bdd3b05e5ac1d3dd89c1c525ab7

Test: FrameworkNetTests CtsNetTestCases
Change-Id: I8301abaddf5850071fa23d41e8e736ab7071e299

For now, all entry points reject this. Followup changes
will allow the supported use cases.

Test: new unit tests and CTS for this in this patch
Change-Id: I7262811a2e46336d3bb63c80886fc0578a36da94

This is a no-op change.

Test: FrameworkNetTests

Change-Id: I658e579bf49e1baf57a8aeaabc8d07d7d3293c56

NetworkAgents send NetworkCapabilities to ConnectivityService but
there are limits to what exactly they can send. Going forward,
some of these checks will have to happen on the handler thread,
which is already the case when an agent updates its capabilities,
but not upon registration.

This patches moves the sanitization on the handler thread, after
the network monitor is created for a network agent.

Before this patch, upon registration of a new agent, the binder
thread would copy and sanitize the capabilities, then store them
in nai.networkCapabilities. It would store the original caps from
the agent in the NAI, mix in what is known from the network info,
process the LinkProperties, and then proceed to create the
network monitor, but not yet store the NAI in the internal
structures because its registration is not finalized, so other
methods should not see it yet. After the monitor is created in
the network stack process, the NAI is stored in the internal
structures which publishes it for all methods to see. After
that is done, the NAI calls to the network monitor to warn it
that it's registered, what its capabilities are, and that it's
time to start validation if applicable.

With this patch, the validation no longer happens on the binder
thread. Instead, the binder thread stores the capabilities and
link properties as is, before sanitization, in the NAI. This is
fine because no other method can access these until the
registration completes upon notification that the monitor has
been created ; this agent is only stored in the network monitor
callbacks in a self-destructing object precisely to make sure
that's the case.
When the monitor is created and CS receives notification of the
same, it will sanitize the capabilities before adding the NAI
to the internal structures, to protect the invariant that the
un-sanitized capabilities inside the NAI can't ever be seen by
any other method. After that's done, it will call to the
monitor to start validation as usual.

Test: FrameworksNetTests CtsNetTestsCases
Change-Id: I7d43ef0e25955e0349903b4801b9dfd8c3c92586

Test: unit test and CTS
Bug: 194332512
Change-Id: I29680b56d790106ad082f1a398c2bddb030f834a

1. Add libnetd_updatable.so in com.android.tethering. The library is
loaded by netd. Currently, it mainly targets on a few functions which
access BPF maps. The functionality may extend in the future.

2. Attach gcroup progs from libnetd_updatable.so.

3. Move (privileged)TagSocket and untagSocket implementation to mainline
module. Combine privilegedTagSocket and untagSocket into a single
function.

4. Split related unit tests from netd_unit_test to
libnetd_updatable_unit_test as well.

Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest

Change-Id: Ib556458103a4cbb643c1342d9b689ac692160de0

NetworkManagementSocketTagger#kernelToTag is moving to
NetworkStatsFactory. Fix the import path in the test.

Test: atest FrameworksNetTest
Change-Id: I8797d9e589e68b4980ff5b38ba09d091420d30fd

Test: atest NetworkStatsServiceTest
Change-Id: Icdea9f871199f1e859aef647e5ba3dec7ac02d73

* changes:
  Don't enable DscpPolicyTracker on pre-T devices.
  Allow service JNI in FrameworksNetIntegrationTests.
  Don't manually load the JNI library in DscpPolicyTracker.
  Process DSCP QoS events for policies
  Allow using BpfMap and TcUtils in unit tests.

Added SPDX-license-identifier-Apache-2.0 to:
  service/native/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all
Change-Id: Ibfaed81348fca9e5cf313a4d29fd0b72bc746e06

Test: m
Change-Id: I10bbe36ba867aa77ea6f32cc3b8fd37d5b15145e
Merged-In: I0c4e29568eadb6ef85ddadebbb37723adb9f29cd

The code cannot work before T because before T the tethering
module can only load BPF programs/maps into /sys/fs/tethering/bpf
and the system server cannot access that directory.

Additionally, this is causing unit tests to fail on pre-T devices
because on those devices the seccomp filter blocks the bpf
syscall from apps (including Java tests).

Test: revert aosp/1907693 and atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I6c398031dffb840da1d723b11ea4d0845ad6c6f2

Add libcom_android_connectivity_com_android_net_module_util_jni
to the JNI libraries for FrameworksNetIntegrationTests. This is
needed for service code (e.g., ConnectivityService,
DscpPolicyTracker) to use JNI.

Test: atest FrameworksNetIntegrationTests
Change-Id: Iebe7ef31057c7a3b10bd7bad42ca74a25fe24473

This is not necessary because TcUtils already loads its library,
and unlike this code, it correctly loads it using JniUtils so
will succeed even when the code is jarjard in unit tests.

Test: atest ConnectivityServiceTest
Change-Id: I57eb46178d58777769f5497a0ea93cd037d598cb

New events to handle adding and removing of DSCP QoS policies.
Async indication sends status back to client if the policy
has been added, failed, or if the policy limit has been
reached.

Bug: 202871011
Change-Id: I7988d22ae625ad0dd415927d2943de4a749e6fb8

Create a Java library that allows the BpfMap class and the
TcUtils class to find their JNI code when they are jarjard to the
package name we use in our unit tests.

Test: atest ConnectivityServiceTest
Change-Id: I2f17b1c366b2b8164eac34b94c9659bc7c0f68e0

Bug: 184750836
Test: make update-api
Test: atest FrameworksNetTests
Change-Id: I70470ab3a945570a23607e39d18f9825d9e1d7aa
CTS-Coverage-Bug: 184750836

Append a random number between 0 and 999999999 to the service name,
instead of 0 to 999 (and historically 0 to 9999). This reduces chances
that a collision can happen, if the test is run simultaneously on
devices on the same network.

Bug: 190249673
Test: atest NsdManagerTest
Change-Id: I14a7a60a45c41b920f50d9ccc4dd3f98fd623c42

The "current" targets are only necessary in branches that can use
non-stable APIs, and can fail to build otherwise.

Apply ConnectivityNextEnableDefaults so they are disabled on such
branches. Also deprecate NetworkStackNextEnableDefaults, so
ConnectivityNextEnableDefaults is used everywhere.

Bug: 190249673
Test: m
Change-Id: I1b152f3cc22f1bed6444d280f0066e480980e949

Test: atest FrameworksNetTests
Change-Id: I1ae720fcc3192712b3dcbe69619f97f7df1a1f5e