/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.shared;

import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;
import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;
import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
import static android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH;
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;

import android.annotation.NonNull;
import android.net.NetworkCapabilities;

import com.android.modules.utils.build.SdkLevel;
import com.android.networkstack.apishim.common.NetworkAgentConfigShim;

/**
 * Static helpers that decide, from a network's capabilities and agent configuration, whether
 * validation is required for it, plus the constants of the network conditions broadcast.
 *
 * @hide
 */
public class NetworkMonitorUtils {
    // Shared between NetworkMonitor and ConnectivityService: NetworkStack shims are off limits
    // here, and so are non-system APIs. TRANSPORT_TEST has been test API since R (its value is
    // enforced to stay 7) and becomes system API in S. The literal below has to stay equal to
    // the platform value, otherwise hasTransport() would be asked about a different transport.
    // TODO: use NetworkCapabilities.TRANSPORT_TEST once NetworkStack builds against API 31.
    private static final int TRANSPORT_TEST = 7;

    // Same constraint as above (no NetworkStack shims, no non-system APIs).
    // NET_CAPABILITY_NOT_VCN_MANAGED is system API as of S, so its value is enforced to stay 28.
    // TODO: use NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED once NetworkStack builds against
    // API 31.
    public static final int NET_CAPABILITY_NOT_VCN_MANAGED = 28;

    // Network conditions broadcast: action, extras and the associated permission name.
    public static final String ACTION_NETWORK_CONDITIONS_MEASURED =
            "android.net.conn.NETWORK_CONDITIONS_MEASURED";
    public static final String EXTRA_CONNECTIVITY_TYPE = "extra_connectivity_type";
    public static final String EXTRA_NETWORK_TYPE = "extra_network_type";
    public static final String EXTRA_RESPONSE_RECEIVED = "extra_response_received";
    public static final String EXTRA_IS_CAPTIVE_PORTAL = "extra_is_captive_portal";
    public static final String EXTRA_CELL_ID = "extra_cellid";
    public static final String EXTRA_SSID = "extra_ssid";
    public static final String EXTRA_BSSID = "extra_bssid";
    /** real time since boot */
    public static final String EXTRA_REQUEST_TIMESTAMP_MS = "extra_request_timestamp_ms";
    public static final String EXTRA_RESPONSE_TIMESTAMP_MS = "extra_response_timestamp_ms";
    public static final String PERMISSION_ACCESS_NETWORK_CONDITIONS =
            "android.permission.ACCESS_NETWORK_CONDITIONS";

    /**
     * Return whether validation is required for private DNS in strict mode.
     *
     * <p>The answer is {@code true} for two groups of networks:
     * <ul>
     *   <li>networks with {@code NET_CAPABILITY_INTERNET} that are VCN-managed (only considered
     *       on S and later), or OEM-paid and trusted, or not restricted and trusted;</li>
     *   <li>unrestricted test networks that also carry the Wi-Fi, cellular, Bluetooth or
     *       Ethernet transport.</li>
     * </ul>
     * Every other network yields {@code false}.
     *
     * @param nc Network capabilities of the network to test.
     * @return {@code true} if one of the two conditions above holds, {@code false} otherwise.
     */
    public static boolean isPrivateDnsValidationRequired(@NonNull final NetworkCapabilities nc) {
        return isInternetNetworkRequiringValidation(nc)
                || isTestNetworkReplicatingTransport(nc);
    }

    /**
     * Tell whether {@code nc} describes an internet-providing network that is VCN-managed,
     * OEM-paid and trusted, or default-capable (not restricted and trusted).
     */
    private static boolean isInternetNetworkRequiringValidation(
            @NonNull final NetworkCapabilities nc) {
        // Before S the absence of NET_CAPABILITY_NOT_VCN_MANAGED is ignored: the capability is
        // only system API from S on, so it is not treated as a signal on older releases.
        final boolean vcnManaged = SdkLevel.isAtLeastS()
                && !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
        final boolean oemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)
                && nc.hasCapability(NET_CAPABILITY_TRUSTED);
        final boolean defaultCapable = nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)
                && nc.hasCapability(NET_CAPABILITY_TRUSTED);

        // TODO: Consider requiring validation for DUN networks.
        if (!nc.hasCapability(NET_CAPABILITY_INTERNET)) {
            return false;
        }
        return vcnManaged || oemPaid || defaultCapable;
    }

    /**
     * Tell whether {@code nc} describes an unrestricted test network that also has one of the
     * major transport types.
     *
     * <p>Such networks are attempting to replicate that transport on a test interface (for
     * example, test ethernet networks with EthernetManager#setIncludeTestInterfaces), so
     * validation is run on them for realistic tests. See also comments on
     * EthernetManager#setIncludeTestInterfaces and on TestNetworkManager.
     */
    private static boolean isTestNetworkReplicatingTransport(
            @NonNull final NetworkCapabilities nc) {
        if (!nc.hasTransport(TRANSPORT_TEST)
                || !nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) {
            return false;
        }
        return nc.hasTransport(TRANSPORT_WIFI)
                || nc.hasTransport(TRANSPORT_CELLULAR)
                || nc.hasTransport(TRANSPORT_BLUETOOTH)
                || nc.hasTransport(TRANSPORT_ETHERNET);
    }

    /**
     * Return whether validation is required for a network.
     *
     * <p>A network without {@code NET_CAPABILITY_NOT_VPN} is decided solely by
     * {@code config.isVpnValidationRequired()}; none of the capability checks of
     * {@link #isPrivateDnsValidationRequired} are consulted for it. Every other network gets
     * the result of {@link #isPrivateDnsValidationRequired}.
     *
     * @param config Configuration of the network to test.
     * @param nc Network capabilities of the network to test.
     * @return {@code true} if validation is required for the network.
     */
    public static boolean isValidationRequired(@NonNull final NetworkAgentConfigShim config,
            @NonNull final NetworkCapabilities nc) {
        // TODO: Consider requiring validation for DUN networks.
        return nc.hasCapability(NET_CAPABILITY_NOT_VPN)
                ? isPrivateDnsValidationRequired(nc)
                : config.isVpnValidationRequired();
    }
}