authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-08-13 12:19:27 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-08-13 12:19:27 +0000
commit4c3166e6fd9099937a83bf5a6f870ecb26dfb136 (patch)
treecc35b2c2dd0cf2737e809039d8e9d5a9f41498fa
parentaece28aa29493c098ccda39a09cfefc24f0ddde4 (diff)
parentd643c98ad059bf48f7128c34c25fbf7ea40ac839 (diff)
downloadnet-aml_med_331012020.tar.gz
Snap for 8944149 from d643c98ad059bf48f7128c34c25fbf7ea40ac839 to mainline-media-releaseaml_med_331012020
Change-Id: I1674cc0d095f48233b9d6930e00e5bc54e2e528e
-rw-r--r--common/Android.bp2
-rw-r--r--common/device/com/android/net/module/util/NetworkMonitorUtils.java113
-rw-r--r--common/native/tcutils/tests/tcutils_test.cpp7
3 files changed, 117 insertions, 5 deletions
diff --git a/common/Android.bp b/common/Android.bp
index d13f9387..c04d1d46 100644
--- a/common/Android.bp
+++ b/common/Android.bp
@@ -37,6 +37,7 @@ java_library {
"device/com/android/net/module/util/DeviceConfigUtils.java",
"device/com/android/net/module/util/FdEventsReader.java",
"device/com/android/net/module/util/HexDump.java",
+ "device/com/android/net/module/util/NetworkMonitorUtils.java",
"device/com/android/net/module/util/PacketReader.java",
"device/com/android/net/module/util/SharedLog.java",
// This library is used by system modules, for which the system health impact of Kotlin
@@ -69,6 +70,7 @@ java_library {
libs: [
"androidx.annotation_annotation",
"framework-annotations-lib",
+ "framework-connectivity.stubs.module_lib",
],
lint: { strict_updatability_linting: true },
}
diff --git a/common/device/com/android/net/module/util/NetworkMonitorUtils.java b/common/device/com/android/net/module/util/NetworkMonitorUtils.java
new file mode 100644
index 00000000..f6cd044e
--- /dev/null
+++ b/common/device/com/android/net/module/util/NetworkMonitorUtils.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.net.module.util;
+
+import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
+import static android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH;
+import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
+import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
+import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+
+import android.annotation.NonNull;
+import android.net.NetworkCapabilities;
+import android.os.Build;
+
+/** @hide */
+public class NetworkMonitorUtils {
+ // This class is used by both NetworkMonitor and ConnectivityService, so it cannot use
+ // NetworkStack shims, but at the same time cannot use non-system APIs.
+ // TRANSPORT_TEST is test API as of R (so it is enforced to always be 7 and can't be changed),
+ // and it is being added as a system API in S.
+ // TODO: use NetworkCapabilities.TRANSPORT_TEST once NetworkStack builds against API 31.
+ private static final int TRANSPORT_TEST = 7;
+
+ // This class is used by both NetworkMonitor and ConnectivityService, so it cannot use
+ // NetworkStack shims, but at the same time cannot use non-system APIs.
+ // NET_CAPABILITY_NOT_VCN_MANAGED is system API as of S (so it is enforced to always be 28 and
+ // can't be changed).
+ // TODO: use NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED once NetworkStack builds against
+ // API 31.
+ public static final int NET_CAPABILITY_NOT_VCN_MANAGED = 28;
+
+ // Network conditions broadcast constants
+ public static final String ACTION_NETWORK_CONDITIONS_MEASURED =
+ "android.net.conn.NETWORK_CONDITIONS_MEASURED";
+ public static final String EXTRA_CONNECTIVITY_TYPE = "extra_connectivity_type";
+ public static final String EXTRA_NETWORK_TYPE = "extra_network_type";
+ public static final String EXTRA_RESPONSE_RECEIVED = "extra_response_received";
+ public static final String EXTRA_IS_CAPTIVE_PORTAL = "extra_is_captive_portal";
+ public static final String EXTRA_CELL_ID = "extra_cellid";
+ public static final String EXTRA_SSID = "extra_ssid";
+ public static final String EXTRA_BSSID = "extra_bssid";
+ /** real time since boot */
+ public static final String EXTRA_REQUEST_TIMESTAMP_MS = "extra_request_timestamp_ms";
+ public static final String EXTRA_RESPONSE_TIMESTAMP_MS = "extra_response_timestamp_ms";
+ public static final String PERMISSION_ACCESS_NETWORK_CONDITIONS =
+ "android.permission.ACCESS_NETWORK_CONDITIONS";
+
+ /**
+ * Return whether validation is required for private DNS in strict mode.
+ * @param nc Network capabilities of the network to test.
+ */
+ public static boolean isPrivateDnsValidationRequired(@NonNull final NetworkCapabilities nc) {
+ final boolean isVcnManaged = (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S)
+ && !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
+ final boolean isOemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)
+ && nc.hasCapability(NET_CAPABILITY_TRUSTED);
+ final boolean isDefaultCapable = nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)
+ && nc.hasCapability(NET_CAPABILITY_TRUSTED);
+
+ // TODO: Consider requiring validation for DUN networks.
+ if (nc.hasCapability(NET_CAPABILITY_INTERNET)
+ && (isVcnManaged || isOemPaid || isDefaultCapable)) {
+ return true;
+ }
+
+ // Test networks that also have one of the major transport types are attempting to replicate
+ // that transport on a test interface (for example, test ethernet networks with
+ // EthernetManager#setIncludeTestInterfaces). Run validation on them for realistic tests.
+ // See also comments on EthernetManager#setIncludeTestInterfaces and on TestNetworkManager.
+ if (nc.hasTransport(TRANSPORT_TEST) && nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) && (
+ nc.hasTransport(TRANSPORT_WIFI)
+ || nc.hasTransport(TRANSPORT_CELLULAR)
+ || nc.hasTransport(TRANSPORT_BLUETOOTH)
+ || nc.hasTransport(TRANSPORT_ETHERNET))) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Return whether validation is required for a network.
+ * @param isVpnValidationRequired Whether network validation should be performed for VPN
+ * networks.
+ * @param nc Network capabilities of the network to test.
+ */
+ public static boolean isValidationRequired(boolean isVpnValidationRequired,
+ @NonNull final NetworkCapabilities nc) {
+ // TODO: Consider requiring validation for DUN networks.
+ if (!nc.hasCapability(NET_CAPABILITY_NOT_VPN)) {
+ return isVpnValidationRequired;
+ }
+ return isPrivateDnsValidationRequired(nc);
+ }
+}
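Review bot: The Javadoc on `isPrivateDnsValidationRequired` never says which networks it exempts, and that is the side a reader auditing strict-mode private DNS needs. As written it returns false for every network that has neither `NET_CAPABILITY_INTERNET` nor a matching test transport, and also for INTERNET networks that are not VCN-managed (S and later), not OEM-paid and trusted, and not unrestricted and trusted. I would add `@return true if nc has INTERNET and is VCN-managed, trusted OEM-paid or trusted unrestricted, or is an unrestricted test network that also carries a WIFI, CELLULAR, BLUETOOTH or ETHERNET transport; false otherwise`, plus a matching `@return` on `isValidationRequired` noting that a network lacking `NET_CAPABILITY_NOT_VPN` simply gets `isVpnValidationRequired` back. The test-transport branch checks neither INTERNET nor TRUSTED, which looks intentional from the comment above it, but a short `// deliberately not gated on INTERNET or TRUSTED` would stop a later reader from treating it as an oversight.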
diff --git a/common/native/tcutils/tests/tcutils_test.cpp b/common/native/tcutils/tests/tcutils_test.cpp
index 32736d6b..8129286f 100644
--- a/common/native/tcutils/tests/tcutils_test.cpp
+++ b/common/native/tcutils/tests/tcutils_test.cpp
@@ -113,12 +113,9 @@ TEST(LibTcUtilsTest, AddAndDeleteBpfFilter) {
TEST(LibTcUtilsTest, AddAndDeleteIngressPoliceFilter) {
// TODO: this should use bpf_shared.h rather than hardcoding the path
static constexpr char bpfProgPath[] =
- "/sys/fs/bpf/prog_netd_schedact_ingress_account";
+ "/sys/fs/bpf/netd_shared/prog_netd_schedact_ingress_account";
int fd = bpf::retrieveProgram(bpfProgPath);
- if (fd == -1) {
- // ingress policing is not supported.
- return;
- }
+ ASSERT_LE(3, fd);
close(fd);
const int errNOENT = isAtLeastKernelVersion(4, 19, 0) ? ENOENT : EINVAL;