This CL creates an abstract class NetworkMetricMonitor and a
subclass IpSecPacketLossDetector. IpSecPacketLossDetector
is responsible for continuously monitoring IPsec packet loss
and reporting to the caller when the data loss rate surpass
a threshold. This detector allows the VCN to switch from
the underlying network that has bad quality.

This CL also defines new carrier configs that specify the
data loss threshold and detecting frequency

Bug: 282996138
Test: atest FrameworksVcnTests(new tests), CtsVcnTestCases
Change-Id: I5f4b8e1821bdbb37f0a6de6e1584f8e3c87273f3

* changes:
  Adjust the NetworkRequest configuration used by SecurityController
  Design of the VPN icon reflects the invalidated status
  Update the VPN icon to reflect the validation status of the VPN network

The package name was changed. Change the use-sites to reflect that.

Test: TreeHugger
Change-Id: I039d02f599692efd51ca8a3316338914eb30a3b9

This is a preparation CL that allows followup CLs to add network
metric monitors. This CL does a pure refactoring without
introducing any behavior changes

Specific changes include:
- UnderlyingNetworkEvaluator now encapsulates the calculation of
  mPriorityClass
- mIsSelected is moved from UnderlyingNetworkRecord to
  UnderlyingNetworkEvaluator
- UnderlyingNetworkListener is simplified by moving the network
  candidate out to the UnderlyingNetworkController
- NetworkPriorityClassifier now takes a "isSelected" boolean
  instead of the currently selected network candidate

Bug: 282996138
Bug: 315858972
Test: atest FrameworksVcnTests, CtsVcnTestCases
Change-Id: I8461a68f1c4260b253d84d3efed2b09c41116656

Fixes: 319307772
Test: no
Change-Id: I75ae84a0a1e588cb33ea5895a338066858053edd

Merge "Implementation of Dedicated card mode APIs changes (Discovery tech and Change Routing)" into main

(Discovery tech and Change Routing)

Bug: 300351519
Bug: 319156577
Test: n/a
Merged-In: If664910d00fc673c0329e0cd4489174260eb4f1e
Merged-In: I3035f8b4fac331d827afa8e7bda6109d91ee510a
Change-Id: If664910d00fc673c0329e0cd4489174260eb4f1e

* changes:
  Remove serialNumber parameter from prepareUserStorage
  Remove serialNumber parameter from createUserStorageKeys
  Remove serialNumber parameter from unlockCeStorage

Bug: 262605832
Test: n/a

Change-Id: Ib1f61a9ab8bda28f9031ddc9bcc1beddfecda53d

This change restricts the NetworkRequest used by SecurityControllerImpl
to only include network types that SecurityControllerImpl is truly
concerned about, by adding the transport type TRANSPORT_VPN.

Bug: 319197157
Test: manually check the monitored networks listed in the dumpsys output.
Change-Id: I8d93ff8ca84329a4d2ce5fa9df97131ac29ca35c

Some test cases in TrustManagerServiceTest are failing on internal main
because http://ag/23669695 changed how PackageMonitor works.  Sending an
ACTION_PACKAGE_CHANGED intent no longer causes
PackageMonitor#onPackageChanged to be called.  This CL fixes the test
failures by making TrustManagerServiceTest call the onPackageChanged
method of TrustManagerService's PackageMonitor directly.

Bug: 29385425
Test: atest TrustManagerServiceTest # on both AOSP and internal main
Change-Id: I0b4708e4223452430ff10e422a71b223656a3360

This android.bp file was moved, and the comment needs to be updated
to reflect that.

Test: Presubmits
Change-Id: I225690505ccbf0f2234e65cbc668ade9bfbd5e17

After compatibility check at boot time, the VintfObject is
usually no longer needed. Hence, at boot time, we actively
release the VintfObject object after compatibility check
by not using the shared instance in the first place.

Test: TH
Bug: 270169217
Change-Id: I9b3383cd52fa67eb18dd5837f96caf2b0eab2ce5

* changes:
  vintf: Disable kernel compat check at boot time.
  vintf: delete deprecated VintfObject.verify.

Before this change, if the kernel has a set of CONFIGs
that is not compatible with the system image, a dialog
is displayed for user / userdebug builds at boot time.

This check has been doing more harm than good because:

- This check is already enforced at build time and during
  VTS tests (See vts_treble_vintf_framework_test).
- The dialog blocks UI automation for tests. For these UI
  automation tests, they need to respond to the dialog.
- GKI has been enforced ecosystem-wide except for a few
  low-end devices of other verticals. For these non-GKI
  devices, the check enforced by VTS should guard this.
  Hence, the check does not give us any signal.
- During development, a kernel that corresponds to the latest
  release (android15 as of now) might not have valid kernel
  config requirements in userspace. Kernel development schedule
  is usually ahead of the userspace development schedule.
  It does not always carry the string "-mainline-", because
  it is not a mainline kernel. To unblock test automation on
  these latest, bleeding-edge kernels, this kernel check should
  go away.
- This is a small steps towards dropping the dependency on libvintf
  on libandroid_runtime. libvintf links to libselinux, which is
  huge. libandroid_runtime loads this, and the memory stays there
  forever. Ideally, we should disable the whole VINTF check at
  boot time, but let's do this one step at a time.

Bug: 272479887
Bug: 270169217
Test: TH
Change-Id: If24cdca9fb535b8f443c0d21f9a46c7ea25c1f9f

It is not used anywhere.

Test: TH
Bug: 270169217
Change-Id: Ifcc8412ed3629d2447908513faf1d6f5ed3f483c

Merge "Reset top activity's mWaitForEnteringPinnedMode when aborting an incomplete pip-entry" into main

The primary purpose of validate_framework_keymaps is to perform checks
on all *.kl, *.kcm, and *.idc files using the "validatekeymaps -q"
command. This action can be replaced by using a genrule.

Bug: 318785074
Test: m validate_framework_keymaps
Change-Id: I657466d7ee2cec29900beeb0610cb0d30f34f92e

Non-A/B has been deprecated for long. During non-A/B updates,
compatibility.zip is checked with VintfObject.verify(), which
is another deprecated function that always returns compatible
if a list of package VINTF XMLs are supplied. (see below.) Hence, the private
RecoverySystem.verifyPackageCompatibility was just useless code
that unconditionally returns true except for invalid ZIP file.
Remove it. Replace the public RecoverySystem.verifyPackageCompatibility
and make it return true unconditonally.

VintfObject.verify() with OTA XMLs are deprecated per
http://b/139300422 [VINTF] Delete OTA vintf checking code
in http://r.android.com/1194233 ("Delete VINTF compatibility checks
during OTA."), in 2019. We had decided that compatibility checks
during OTA should be removed, and moved to OTA generation time instead.
Using an old libvintf on the device to check against new libvintf
metadata required forward compatibility of libvintf, which cannot be
achieved. Instead, the device should verify the signature of the OTA to
verify its source.

Test: TH
Bug: 270169217
Bug: 139300422
Change-Id: I775d29e4cd1d165233e07cfb820d1fe343fa4757

The availability to wifi apex was done implicitly using a baseline map in
build/soong/apex/apex.go. Make this explicit in Android.bp

Bug: 281077552
Test: m nothing
Change-Id: I5c3fb582f290da2d5cedc65417ca126013941da5

Remove the serialNumber parameter from
IStorageManager#prepareUserStorage, StorageManager#prepareUserStorage,
and StorageManagerService#prepareUserStorageInternal, as it is not used.

Bug: 316035110
Test: atest UserDataPreparerTest
Flag: N/A, mechanical refactoring
Change-Id: I4bb716a502fec267fbe0d93e423c7d713c78feaa