Annotations such as @SystemApi cannot be jarjared to a different
package, as the members would not match the system API declarations.

Instead, only build against the annotations from
framework-annotations-lib, but do not include them as classes in the
output jar; annotations are not required to be available to the
classloader at runtime.

Test: builds, boots, tethering working
Bug: 147812912
Fixes: 148609988
Change-Id: I1fae97a1c1e0ba07fa3e2d64cde7650cd26d0acd
Merged-In: I1fae97a1c1e0ba07fa3e2d64cde7650cd26d0acd

The non-updatable part of the platform now is built with
framework-tethering-stub, which is a stub library of
framework-tethering.

Bug: 147200698
Test: m
Change-Id: I97ef83f7f9b4c1376f373713036f5256318f1050
Merged-In: I97ef83f7f9b4c1376f373713036f5256318f1050

* changes:
  Ensure all VPN runners clean up state when exiting
  Enforce restricted user, getConnectionOwnerUid checks

There are test that rely on that being checked first.

Bug: 149350547
Test: atest android.security.cts.ServicePermissionsTest#testDumpProtected
Change-Id: Ifeac7219c217ee522af442e46dc7832b6afb9e42

The permissions are checked by Tethering; mainline modules should be
able to do permission checks based on these permissions.

Bug: 135411507
Test: m
Test: make test-api-stubs-docs-update-current-api \
      system-api-stubs-docs-update-current-api
Change-Id: I10eb0273461063149a8d0eec92e2aaadea0680bd
Merged-In: Ia617ea56aba18f98371d7dbd546679e0327bfacd

* changes:
  Add CaptivePortalApiUrl to DhcpResults
  Send LinkProperties update on new capport data

Revert "Fix shared libraries not being reported via Reporter"

Revert submission 1198456-slclc

Reason for revert: Fails on luci:
https://ci.chromium.org/p/art/builders/ci/host-x86_64-cdex-fast/3123

Exempt-From-Owner-Approval: pure revert

Bug: 148494302
Reverted Changes:
I46d8d9105: Fix shared libraries not being reported via Report...
I00357cfe0: [DexLoadReporter] Report classloader contexts dire...

Change-Id: Ib58066e8f059642a11d9eaab02ec0b8b3217e487

Bug: 149535950
Test: OFF/ON hotspot
Change-Id: Ic52e2b2f3cec1a39a70302c41ab67ec1a1a55b1a

Test: reboot and check system server jars are not dexopted
Bug: 147208643
Change-Id: I6a612d04b08be23984b04e71e1c8938025d5e4ea

The URL will be used by DhcpClient to return it in its results.
It will not be parceled in DhcpResultsParcelable, but instead sent
through LinkProperties to network agents.

Bug: 139269711
Test: atest NetworkStackTests with associated NetworkStack change

Change-Id: I4ec9e7f5efece3ede9b0da5eb1b75d8d43b94ba9

When new CaptivePortalData is received from NetworkMonitor, send a
LinkProperties updated callback.
The updated LinkProperties only contain CaptivePortalData if the
receiver has NETWORK_SETTINGS or MAINLINE_NETWORK_STACK permissions, as
defined in the current callback code.

Test: atest FrameworksNetTests
Bug: 139269711

Change-Id: I68595a519171b31792259849efff5f58c43cacd4

The kernel no longer enforces XOM layouts, and the build system no
longer generates XOM binaries. As a result, the zygote code to mark XOM
sections of memory readable for apps with targetSdkVersion<Q.

Bug: 147300048
Test: m -j
Change-Id: I0abb0abb54f8f5a538da9194a900e6a64e574bfe
Merged-In: I0abb0abb54f8f5a538da9194a900e6a64e574bfe

Revert "Use createRandomUnicastAddress from MacAddressUtils"

Revert "Add net-utils-framework-net to telephony-common"

Revert submission 1191997-net-utils-framework-net

Reason for revert: Droidcop-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_qt-qpr1-dev-plus-aosp&target=aosp_taimen-userdebug&lkgb=6208131&lkbb=6208273&fkbb=6208273, bug b/149551544
Reverted Changes:
Ib1c807d64:Use createRandomUnicastAddress from MacAddressUtil...
I9e0f297e0:Add net-utils-framework-net to telephony-common
Ieb8927f9a:Remove framework code that has moved to frameworks...

Change-Id: I2824f781babd9f7e0bb9df524dadf6b8397dcaa1

From current design, the traffic accounted by stats providers
will be updated asynchronously when force polling. When upper
layer make two subsequently queries. They will get stale
stats upon the first query, and may get newest/stale stats
base on the result of race.

Thus, wait for a bit of time to allow asynchronous stats update
complete to reduce the chance of race. In pratice, it would
be finished in ~2ms when testing.

Test: systrace.py network
Test: atest FrameworksNetTests
Bug: 147460444
Change-Id: I22a00fc4049cddf77fd578e25769ae1979f2cc6d

Test: atest FrameworksNetTests
Test: atest NetworkPolicyManagerServiceTest
Test: m doc-comment-check-docs
Bug: 130855321
Change-Id: Iccaab09f5b9668ec4a7249737c64a69cecb08d15

State override is only handled when state is changed from
CONNECTED to SUSPENDED but not reverse path. Handle both ways
for SUSPENDED state.

Bug: 148678431
Test: FrameworkNetTests
Change-Id: I9333f865d61bbf008fdb8ca162ad17dfdffd1d67

This CL tweaks the cleanup flow to ensure that VPN runners exit
properly and clean up state. Previously, if a VPN exited before an
interface was created and the Interface Observer started watching the
virtual interface, some state (eg mConfig) might not get cleaned up.

Also as a result of this change, the LegacyVpn no longer implicitly
relies on the NetworkManagementEventObserver's watching for interface
removed to cleanup mConfig, mStatusIntent, mNetworkCapabilities, and the
VPN runner itself, but rather clears the state immediately.

Bug: 144246767
Test: FrameworksNetTests passing
Change-Id: Ide9daebca9a3fba025e7da5e3fe1d20d7bfdca02

This CL adds checks to ensure restricted users cannot change or
start/stop platform VPNs. In addition, this also adds checks to the
ConnectivityManager#getConnectionOwnerUid() to ensure that only
VpnService based VPNs can identify connections

Bug: 148040659
Test: FrameworksNetTests run
Change-Id: Id47ada5766036bfc84f3ba47f66f2d2683af916d

VtsValidatePermission is just the GTest of
vts_permission_validate_test.

Bug: 142397658
Test: $atestvts_permission_validate_test
Change-Id: Iff12e5196dc40cea9d30bfb1db2fbe0aa6e55034