/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.net.module.util;

import static android.net.NetworkCapabilities.NET_CAPABILITY_DUN;
import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;
import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;
import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
import static android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH;
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;

import android.annotation.NonNull;
import android.net.NetworkCapabilities;
import android.os.Build;

/** @hide */
public class NetworkMonitorUtils {
    // Shared by NetworkMonitor and ConnectivityService: NetworkStack shims are off limits here,
    // and so are non-system APIs, which is why the two values below are hard-coded copies.

    // TRANSPORT_TEST has been test API since R (its value is enforced to stay 7) and becomes
    // system API in S.
    // TODO: use NetworkCapabilities.TRANSPORT_TEST once NetworkStack builds against API 31.
    private static final int TRANSPORT_TEST = 7;

    // NET_CAPABILITY_NOT_VCN_MANAGED is system API as of S (its value is enforced to stay 28).
    // TODO: use NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED once NetworkStack builds
    // against API 31.
    public static final int NET_CAPABILITY_NOT_VCN_MANAGED = 28;

    // Network conditions broadcast constants
    public static final String ACTION_NETWORK_CONDITIONS_MEASURED =
            "android.net.conn.NETWORK_CONDITIONS_MEASURED";
    public static final String EXTRA_CONNECTIVITY_TYPE = "extra_connectivity_type";
    public static final String EXTRA_NETWORK_TYPE = "extra_network_type";
    public static final String EXTRA_RESPONSE_RECEIVED = "extra_response_received";
    public static final String EXTRA_IS_CAPTIVE_PORTAL = "extra_is_captive_portal";
    public static final String EXTRA_CELL_ID = "extra_cellid";
    public static final String EXTRA_SSID = "extra_ssid";
    public static final String EXTRA_BSSID = "extra_bssid";
    /** real time since boot */
    public static final String EXTRA_REQUEST_TIMESTAMP_MS = "extra_request_timestamp_ms";
    public static final String EXTRA_RESPONSE_TIMESTAMP_MS = "extra_response_timestamp_ms";
    public static final String PERMISSION_ACCESS_NETWORK_CONDITIONS =
            "android.permission.ACCESS_NETWORK_CONDITIONS";

    /**
     * Return whether validation is required for private DNS in strict mode.
     *
     * <p>Validation is required in two cases. First, when the network has
     * {@code NET_CAPABILITY_INTERNET} and is either VCN-managed (only evaluated on S and later),
     * OEM-paid and trusted, or not restricted and trusted. Second, when it is a test network that
     * is not restricted and also carries one of the WIFI, CELLULAR, BLUETOOTH or ETHERNET
     * transports. Every other network is exempt, so a change to these conditions changes which
     * networks skip validation.
     *
     * @param nc Network capabilities of the network to test.
     * @return {@code true} if the capabilities match one of the cases above.
     */
    public static boolean isPrivateDnsValidationRequired(@NonNull final NetworkCapabilities nc) {
        // Below S the SDK check short-circuits, so the VCN capability is never queried.
        final boolean vcnManaged = (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S)
                && !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
        final boolean oemPaidAndTrusted = nc.hasCapability(NET_CAPABILITY_OEM_PAID)
                && nc.hasCapability(NET_CAPABILITY_TRUSTED);
        final boolean unrestrictedAndTrusted = nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)
                && nc.hasCapability(NET_CAPABILITY_TRUSTED);
        final boolean qualifies = vcnManaged || oemPaidAndTrusted || unrestrictedAndTrusted;

        // TODO: Consider requiring validation for DUN networks.
        if (nc.hasCapability(NET_CAPABILITY_INTERNET) && qualifies) {
            return true;
        }

        // A test network that also declares a major transport type is trying to replicate that
        // transport on a test interface (for example, test ethernet networks with
        // EthernetManager#setIncludeTestInterfaces). Validate those so tests stay realistic.
        // See also comments on EthernetManager#setIncludeTestInterfaces and on TestNetworkManager.
        if (!nc.hasTransport(TRANSPORT_TEST)
                || !nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) {
            return false;
        }
        return hasMajorTransport(nc);
    }

    /**
     * Return whether the network carries at least one of the WIFI, CELLULAR, BLUETOOTH or
     * ETHERNET transports, checked in that order.
     */
    private static boolean hasMajorTransport(@NonNull final NetworkCapabilities nc) {
        return nc.hasTransport(TRANSPORT_WIFI)
                || nc.hasTransport(TRANSPORT_CELLULAR)
                || nc.hasTransport(TRANSPORT_BLUETOOTH)
                || nc.hasTransport(TRANSPORT_ETHERNET);
    }

    /**
     * Return whether validation is required for a network.
     *
     * <p>The checks run in a fixed order: the DUN rule first, then the VPN rule, then the
     * private DNS criteria. A network lacking {@code NET_CAPABILITY_NOT_VPN} is decided by
     * {@code isVpnValidationRequired} alone; {@link #isPrivateDnsValidationRequired} is not
     * consulted for it.
     *
     * @param isDunValidationRequired Whether network validation should be performed for networks
     *                                that have {@code NET_CAPABILITY_DUN}.
     * @param isVpnValidationRequired Whether network validation should be performed for VPN
     *                                networks.
     * @param nc Network capabilities of the network to test.
     * @return {@code true} if the network should be validated.
     */
    public static boolean isValidationRequired(boolean isDunValidationRequired,
            boolean isVpnValidationRequired,
            @NonNull final NetworkCapabilities nc) {
        final boolean dunNeedsValidation =
                isDunValidationRequired && nc.hasCapability(NET_CAPABILITY_DUN);
        if (dunNeedsValidation) {
            return true;
        }
        final boolean isVpn = !nc.hasCapability(NET_CAPABILITY_NOT_VPN);
        return isVpn ? isVpnValidationRequired : isPrivateDnsValidationRequired(nc);
    }
}