author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-08-13 12:19:27 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-08-13 12:19:27 +0000 |
commit | 4c3166e6fd9099937a83bf5a6f870ecb26dfb136 (patch) | |
tree | cc35b2c2dd0cf2737e809039d8e9d5a9f41498fa | |
parent | aece28aa29493c098ccda39a09cfefc24f0ddde4 (diff) | |
parent | d643c98ad059bf48f7128c34c25fbf7ea40ac839 (diff) | |
download | net-aml_med_331012020.tar.gz |
Snap for 8944149 from d643c98ad059bf48f7128c34c25fbf7ea40ac839 to mainline-media-releaseaml_med_331012020
Change-Id: I1674cc0d095f48233b9d6930e00e5bc54e2e528e
-rw-r--r-- | common/Android.bp | 2 | ||||
-rw-r--r-- | common/device/com/android/net/module/util/NetworkMonitorUtils.java | 113 | ||||
-rw-r--r-- | common/native/tcutils/tests/tcutils_test.cpp | 7 |
3 files changed, 117 insertions, 5 deletions
diff --git a/common/Android.bp b/common/Android.bp
index d13f9387..c04d1d46 100644
--- a/common/Android.bp
+++ b/common/Android.bp
@@ -37,6 +37,7 @@ java_library {
 "device/com/android/net/module/util/DeviceConfigUtils.java",
 "device/com/android/net/module/util/FdEventsReader.java",
 "device/com/android/net/module/util/HexDump.java",
+ "device/com/android/net/module/util/NetworkMonitorUtils.java",
 "device/com/android/net/module/util/PacketReader.java",
 "device/com/android/net/module/util/SharedLog.java",
 // This library is used by system modules, for which the system health impact of Kotlin
@@ -69,6 +70,7 @@ java_library {
 libs: [
 "androidx.annotation_annotation",
 "framework-annotations-lib",
+ "framework-connectivity.stubs.module_lib",
 ],
 lint: { strict_updatability_linting: true },
 }
diff --git a/common/device/com/android/net/module/util/NetworkMonitorUtils.java b/common/device/com/android/net/module/util/NetworkMonitorUtils.java
new file mode 100644
index 00000000..f6cd044e
--- /dev/null
+++ b/common/device/com/android/net/module/util/NetworkMonitorUtils.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.net.module.util;
+
+import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
+import static android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH;
+import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
+import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
+import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+
+import android.annotation.NonNull;
+import android.net.NetworkCapabilities;
+import android.os.Build;
+
+/** @hide */
+public class NetworkMonitorUtils {
+ // This class is used by both NetworkMonitor and ConnectivityService, so it cannot use
+ // NetworkStack shims, but at the same time cannot use non-system APIs.
+ // TRANSPORT_TEST is test API as of R (so it is enforced to always be 7 and can't be changed),
+ // and it is being added as a system API in S.
+ // TODO: use NetworkCapabilities.TRANSPORT_TEST once NetworkStack builds against API 31.
+ private static final int TRANSPORT_TEST = 7;
+
+ // This class is used by both NetworkMonitor and ConnectivityService, so it cannot use
+ // NetworkStack shims, but at the same time cannot use non-system APIs.
+ // NET_CAPABILITY_NOT_VCN_MANAGED is system API as of S (so it is enforced to always be 28 and
+ // can't be changed).
+ // TODO: use NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED once NetworkStack builds against
+ // API 31.
+ public static final int NET_CAPABILITY_NOT_VCN_MANAGED = 28;
+
+ // Network conditions broadcast constants
+ public static final String ACTION_NETWORK_CONDITIONS_MEASURED =
+ "android.net.conn.NETWORK_CONDITIONS_MEASURED";
+ public static final String EXTRA_CONNECTIVITY_TYPE = "extra_connectivity_type";
+ public static final String EXTRA_NETWORK_TYPE = "extra_network_type";
+ public static final String EXTRA_RESPONSE_RECEIVED = "extra_response_received";
+ public static final String EXTRA_IS_CAPTIVE_PORTAL = "extra_is_captive_portal";
+ public static final String EXTRA_CELL_ID = "extra_cellid";
+ public static final String EXTRA_SSID = "extra_ssid";
+ public static final String EXTRA_BSSID = "extra_bssid";
+ /** real time since boot */
+ public static final String EXTRA_REQUEST_TIMESTAMP_MS = "extra_request_timestamp_ms";
+ public static final String EXTRA_RESPONSE_TIMESTAMP_MS = "extra_response_timestamp_ms";
+ public static final String PERMISSION_ACCESS_NETWORK_CONDITIONS =
+ "android.permission.ACCESS_NETWORK_CONDITIONS";
+
+ /**
+ * Return whether validation is required for private DNS in strict mode.
+ * @param nc Network capabilities of the network to test.
+ */
+ public static boolean isPrivateDnsValidationRequired(@NonNull final NetworkCapabilities nc) {
+ final boolean isVcnManaged = (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S)
+ && !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
+ final boolean isOemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)
+ && nc.hasCapability(NET_CAPABILITY_TRUSTED);
+ final boolean isDefaultCapable = nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)
+ && nc.hasCapability(NET_CAPABILITY_TRUSTED);
+
+ // TODO: Consider requiring validation for DUN networks.
+ if (nc.hasCapability(NET_CAPABILITY_INTERNET)
+ && (isVcnManaged || isOemPaid || isDefaultCapable)) {
+ return true;
+ }
+
+ // Test networks that also have one of the major transport types are attempting to replicate
+ // that transport on a test interface (for example, test ethernet networks with
+ // EthernetManager#setIncludeTestInterfaces). Run validation on them for realistic tests.
+ // See also comments on EthernetManager#setIncludeTestInterfaces and on TestNetworkManager.
+ if (nc.hasTransport(TRANSPORT_TEST) && nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) && (
+ nc.hasTransport(TRANSPORT_WIFI)
+ || nc.hasTransport(TRANSPORT_CELLULAR)
+ || nc.hasTransport(TRANSPORT_BLUETOOTH)
+ || nc.hasTransport(TRANSPORT_ETHERNET))) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Return whether validation is required for a network.
+ * @param isVpnValidationRequired Whether network validation should be performed for VPN
+ * networks.
+ * @param nc Network capabilities of the network to test.
+ */
+ public static boolean isValidationRequired(boolean isVpnValidationRequired,
+ @NonNull final NetworkCapabilities nc) {
+ // TODO: Consider requiring validation for DUN networks.
+ if (!nc.hasCapability(NET_CAPABILITY_NOT_VPN)) {
+ return isVpnValidationRequired;
+ }
+ return isPrivateDnsValidationRequired(nc);
+ }
+}
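Review bot: The Javadoc on `isPrivateDnsValidationRequired` and `isValidationRequired` has no `@return` and never says which networks get `false`, which is the part a caller has to reason about. From the body, a network with `NET_CAPABILITY_INTERNET` that is restricted and neither OEM-paid-and-trusted nor (on S and later) lacking `NET_CAPABILITY_NOT_VCN_MANAGED` returns false, as does a network without INTERNET that does not match the test-network case; presumably callers then skip validation for it, which should be confirmed and written down. I would add to each method something like `@return true if the network must be validated; false for networks that match none of the cases in the body`, and on `isValidationRequired` a line stating that for networks lacking `NET_CAPABILITY_NOT_VPN` the result is exactly `isVpnValidationRequired`. The repeated `// TODO: Consider requiring validation for DUN networks.` in `isValidationRequired` could be dropped, since that decision is made in the method it delegates to.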
diff --git a/common/native/tcutils/tests/tcutils_test.cpp b/common/native/tcutils/tests/tcutils_test.cpp
index 32736d6b..8129286f 100644
--- a/common/native/tcutils/tests/tcutils_test.cpp
+++ b/common/native/tcutils/tests/tcutils_test.cpp
@@ -113,12 +113,9 @@ TEST(LibTcUtilsTest, AddAndDeleteBpfFilter) {
 TEST(LibTcUtilsTest, AddAndDeleteIngressPoliceFilter) {
 // TODO: this should use bpf_shared.h rather than hardcoding the path
 static constexpr char bpfProgPath[] =
- "/sys/fs/bpf/prog_netd_schedact_ingress_account";
+ "/sys/fs/bpf/netd_shared/prog_netd_schedact_ingress_account";
 int fd = bpf::retrieveProgram(bpfProgPath);
- if (fd == -1) {
- // ingress policing is not supported.
- return;
- }
+ ASSERT_LE(3, fd);
 close(fd);
 const int errNOENT = isAtLeastKernelVersion(4, 19, 0) ? ENOENT : EINVAL; |
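Review bot: `ASSERT_LE(3, fd)` carries no message and no explanation of the literal `3`, so a failure on a device where the program is not pinned at the new `netd_shared` path reports only a numeric comparison. With the `fd == -1` early return removed, a missing program is now a test failure rather than a silent pass; if that is the intent, say so in a comment and attach the path to the assertion, e.g. `ASSERT_LE(3, fd) << "cannot retrieve " << bpfProgPath;` with a comment on why descriptors below 3 are rejected (presumably because they are the stdio descriptors). The path is again edited by hand although the existing TODO asks for it to come from bpf_shared.h, so the test and the loader can drift apart the same way next time. The test body continues past the end of this hunk.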