Merge changes Icb59b15d,I6fc6a266,I5cc340e5,I94db52a8 am: b79dcb24 am: 5804521e am: 32c2d343

    private static final String GATEWAY_CONNECTION_CONFIGS_KEY = "mGatewayConnectionConfigs";

    private static final String GATEWAY_CONNECTION_CONFIGS_KEY = "mGatewayConnectionConfigs";

    @NonNull private final Set<VcnGatewayConnectionConfig> mGatewayConnectionConfigs;

    @NonNull private final Set<VcnGatewayConnectionConfig> mGatewayConnectionConfigs;

    private static final String IS_TEST_MODE_PROFILE_KEY = "mIsTestModeProfile";

    private final boolean mIsTestModeProfile;

    private VcnConfig(

    private VcnConfig(

            @NonNull String packageName,

            @NonNull String packageName,

            @NonNull Set<VcnGatewayConnectionConfig> gatewayConnectionConfigs) {

            @NonNull Set<VcnGatewayConnectionConfig> gatewayConnectionConfigs,

            boolean isTestModeProfile) {

        mPackageName = packageName;

        mPackageName = packageName;

        mGatewayConnectionConfigs =

        mGatewayConnectionConfigs =

                Collections.unmodifiableSet(new ArraySet<>(gatewayConnectionConfigs));

                Collections.unmodifiableSet(new ArraySet<>(gatewayConnectionConfigs));

        mIsTestModeProfile = isTestModeProfile;

        validate();

        validate();

    }

    }

                new ArraySet<>(

                new ArraySet<>(

                        PersistableBundleUtils.toList(

                        PersistableBundleUtils.toList(

                                gatewayConnectionConfigsBundle, VcnGatewayConnectionConfig::new));

                                gatewayConnectionConfigsBundle, VcnGatewayConnectionConfig::new));

        mIsTestModeProfile = in.getBoolean(IS_TEST_MODE_PROFILE_KEY);

        validate();

        validate();

    }

    }

        return Collections.unmodifiableSet(mGatewayConnectionConfigs);

        return Collections.unmodifiableSet(mGatewayConnectionConfigs);

    }

    }

    /**

     * Returns whether or not this VcnConfig is restricted to test networks.

     *

     * @hide

     */

    public boolean isTestModeProfile() {

        return mIsTestModeProfile;

    }

    /**

    /**

     * Serializes this object to a PersistableBundle.

     * Serializes this object to a PersistableBundle.

     *

     *

                        new ArrayList<>(mGatewayConnectionConfigs),

                        new ArrayList<>(mGatewayConnectionConfigs),

                        VcnGatewayConnectionConfig::toPersistableBundle);

                        VcnGatewayConnectionConfig::toPersistableBundle);

        result.putPersistableBundle(GATEWAY_CONNECTION_CONFIGS_KEY, gatewayConnectionConfigsBundle);

        result.putPersistableBundle(GATEWAY_CONNECTION_CONFIGS_KEY, gatewayConnectionConfigsBundle);

        result.putBoolean(IS_TEST_MODE_PROFILE_KEY, mIsTestModeProfile);

        return result;

        return result;

    }

    }

    @Override

    @Override

    public int hashCode() {

    public int hashCode() {

        return Objects.hash(mPackageName, mGatewayConnectionConfigs);

        return Objects.hash(mPackageName, mGatewayConnectionConfigs, mIsTestModeProfile);

    }

    }

    @Override

    @Override

        final VcnConfig rhs = (VcnConfig) other;

        final VcnConfig rhs = (VcnConfig) other;

        return mPackageName.equals(rhs.mPackageName)

        return mPackageName.equals(rhs.mPackageName)

                && mGatewayConnectionConfigs.equals(rhs.mGatewayConnectionConfigs);

                && mGatewayConnectionConfigs.equals(rhs.mGatewayConnectionConfigs)

                && mIsTestModeProfile == rhs.mIsTestModeProfile;

    }

    }

    // Parcelable methods

    // Parcelable methods

        @NonNull

        @NonNull

        private final Set<VcnGatewayConnectionConfig> mGatewayConnectionConfigs = new ArraySet<>();

        private final Set<VcnGatewayConnectionConfig> mGatewayConnectionConfigs = new ArraySet<>();

        private boolean mIsTestModeProfile = false;

        public Builder(@NonNull Context context) {

        public Builder(@NonNull Context context) {

            Objects.requireNonNull(context, "context was null");

            Objects.requireNonNull(context, "context was null");

            return this;

            return this;

        }

        }

        /**

         * Restricts this VcnConfig to matching with test networks (only).

         *

         * <p>This method is for testing only, and must not be used by apps. Calling {@link

         * VcnManager#setVcnConfig(ParcelUuid, VcnConfig)} with a VcnConfig where test-network usage

         * is enabled will require the MANAGE_TEST_NETWORKS permission.

         *

         * @return this {@link Builder} instance, for chaining

         * @hide

         */

        @NonNull

        public Builder setIsTestModeProfile() {

            mIsTestModeProfile = true;

            return this;

        }

        /**

        /**

         * Builds and validates the VcnConfig.

         * Builds and validates the VcnConfig.

         *

         *

         */

         */

        @NonNull

        @NonNull

        public VcnConfig build() {

        public VcnConfig build() {

            return new VcnConfig(mPackageName, mGatewayConnectionConfigs);

            return new VcnConfig(mPackageName, mGatewayConnectionConfigs, mIsTestModeProfile);

        }

        }

    }

    }

}

}

 */

 */

package android.net.vcn;

package android.net.vcn;

import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_MOBIKE;

import static com.android.internal.annotations.VisibleForTesting.Visibility;

import static com.android.internal.annotations.VisibleForTesting.Visibility;

import android.annotation.IntDef;

import android.annotation.IntDef;

         *     distinguish between VcnGatewayConnectionConfigs configured on a single {@link

         *     distinguish between VcnGatewayConnectionConfigs configured on a single {@link

         *     VcnConfig}. This will be used as the identifier in VcnStatusCallback invocations.

         *     VcnConfig}. This will be used as the identifier in VcnStatusCallback invocations.

         * @param tunnelConnectionParams the IKE tunnel connection configuration

         * @param tunnelConnectionParams the IKE tunnel connection configuration

         * @throws IllegalArgumentException if the provided IkeTunnelConnectionParams is not

         *     configured to support MOBIKE

         * @see IkeTunnelConnectionParams

         * @see IkeTunnelConnectionParams

         * @see VcnManager.VcnStatusCallback#onGatewayConnectionError

         * @see VcnManager.VcnStatusCallback#onGatewayConnectionError

         */

         */

                @NonNull IkeTunnelConnectionParams tunnelConnectionParams) {

                @NonNull IkeTunnelConnectionParams tunnelConnectionParams) {

            Objects.requireNonNull(gatewayConnectionName, "gatewayConnectionName was null");

            Objects.requireNonNull(gatewayConnectionName, "gatewayConnectionName was null");

            Objects.requireNonNull(tunnelConnectionParams, "tunnelConnectionParams was null");

            Objects.requireNonNull(tunnelConnectionParams, "tunnelConnectionParams was null");

            if (!tunnelConnectionParams.getIkeSessionParams().hasIkeOption(IKE_OPTION_MOBIKE)) {

                throw new IllegalArgumentException(

                        "MOBIKE must be configured for the provided IkeSessionParams");

            }

            mGatewayConnectionName = gatewayConnectionName;

            mGatewayConnectionName = gatewayConnectionName;

            mTunnelConnectionParams = tunnelConnectionParams;

            mTunnelConnectionParams = tunnelConnectionParams;

    @NonNull private final VcnNetworkProvider mNetworkProvider;

    @NonNull private final VcnNetworkProvider mNetworkProvider;

    @NonNull private final TelephonySubscriptionTrackerCallback mTelephonySubscriptionTrackerCb;

    @NonNull private final TelephonySubscriptionTrackerCallback mTelephonySubscriptionTrackerCb;

    @NonNull private final TelephonySubscriptionTracker mTelephonySubscriptionTracker;

    @NonNull private final TelephonySubscriptionTracker mTelephonySubscriptionTracker;

    @NonNull private final VcnContext mVcnContext;

    @NonNull private final BroadcastReceiver mPkgChangeReceiver;

    @NonNull private final BroadcastReceiver mPkgChangeReceiver;

    @NonNull

    @NonNull

                mContext, mLooper, mTelephonySubscriptionTrackerCb);

                mContext, mLooper, mTelephonySubscriptionTrackerCb);

        mConfigDiskRwHelper = mDeps.newPersistableBundleLockingReadWriteHelper(VCN_CONFIG_FILE);

        mConfigDiskRwHelper = mDeps.newPersistableBundleLockingReadWriteHelper(VCN_CONFIG_FILE);

        mVcnContext = mDeps.newVcnContext(mContext, mLooper, mNetworkProvider);

        mPkgChangeReceiver = new BroadcastReceiver() {

        mPkgChangeReceiver = new BroadcastReceiver() {

            @Override

            @Override

        public VcnContext newVcnContext(

        public VcnContext newVcnContext(

                @NonNull Context context,

                @NonNull Context context,

                @NonNull Looper looper,

                @NonNull Looper looper,

                @NonNull VcnNetworkProvider vcnNetworkProvider) {

                @NonNull VcnNetworkProvider vcnNetworkProvider,

            return new VcnContext(context, looper, vcnNetworkProvider);

                boolean getIsInTestMode) {

            return new VcnContext(context, looper, vcnNetworkProvider, getIsInTestMode);

        }

        }

        /** Creates a new Vcn instance using the provided configuration */

        /** Creates a new Vcn instance using the provided configuration */

                "Carrier privilege required for subscription group to set VCN Config");

                "Carrier privilege required for subscription group to set VCN Config");

    }

    }

    private void enforceManageTestNetworksForTestMode(@NonNull VcnConfig vcnConfig) {

        if (vcnConfig.isTestModeProfile()) {

            mContext.enforceCallingPermission(

                    android.Manifest.permission.MANAGE_TEST_NETWORKS,

                    "Test-mode require the MANAGE_TEST_NETWORKS permission");

        }

    }

    private class VcnSubscriptionTrackerCallback implements TelephonySubscriptionTrackerCallback {

    private class VcnSubscriptionTrackerCallback implements TelephonySubscriptionTrackerCallback {

        /**

        /**

         * Handles subscription group changes, as notified by {@link TelephonySubscriptionTracker}

         * Handles subscription group changes, as notified by {@link TelephonySubscriptionTracker}

        final VcnCallbackImpl vcnCallback = new VcnCallbackImpl(subscriptionGroup);

        final VcnCallbackImpl vcnCallback = new VcnCallbackImpl(subscriptionGroup);

        final VcnContext vcnContext =

                mDeps.newVcnContext(

                        mContext, mLooper, mNetworkProvider, config.isTestModeProfile());

        final Vcn newInstance =

        final Vcn newInstance =

                mDeps.newVcn(mVcnContext, subscriptionGroup, config, mLastSnapshot, vcnCallback);

                mDeps.newVcn(vcnContext, subscriptionGroup, config, mLastSnapshot, vcnCallback);

        mVcns.put(subscriptionGroup, newInstance);

        mVcns.put(subscriptionGroup, newInstance);

        // Now that a new VCN has started, notify all registered listeners to refresh their

        // Now that a new VCN has started, notify all registered listeners to refresh their

        mContext.getSystemService(AppOpsManager.class)

        mContext.getSystemService(AppOpsManager.class)

                .checkPackage(mDeps.getBinderCallingUid(), config.getProvisioningPackageName());

                .checkPackage(mDeps.getBinderCallingUid(), config.getProvisioningPackageName());

        enforceManageTestNetworksForTestMode(config);

        enforceCallingUserAndCarrierPrivilege(subscriptionGroup, opPkgName);

        enforceCallingUserAndCarrierPrivilege(subscriptionGroup, opPkgName);

        Binder.withCleanCallingIdentity(() -> {

        Binder.withCleanCallingIdentity(() -> {

     * carrier owned networks may be selected, as the request specifies only subIds in the VCN's

     * carrier owned networks may be selected, as the request specifies only subIds in the VCN's

     * subscription group, while the VCN networks are excluded by virtue of not having subIds set on

     * subscription group, while the VCN networks are excluded by virtue of not having subIds set on

     * the VCN-exposed networks.

     * the VCN-exposed networks.

     *

     * <p>If the VCN that this UnderlyingNetworkTracker belongs to is in test-mode, this will return

     * a NetworkRequest that only matches Test Networks.

     */

     */

    private NetworkRequest getRouteSelectionRequest() {

    private NetworkRequest getRouteSelectionRequest() {

        if (mVcnContext.isInTestMode()) {

            return getTestNetworkRequest(mLastSnapshot.getAllSubIdsInGroup(mSubscriptionGroup));

        }

        return getBaseNetworkRequestBuilder()

        return getBaseNetworkRequestBuilder()

                .setSubscriptionIds(mLastSnapshot.getAllSubIdsInGroup(mSubscriptionGroup))

                .setSubscriptionIds(mLastSnapshot.getAllSubIdsInGroup(mSubscriptionGroup))

                .build();

                .build();

                .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED);

                .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED);

    }

    }

    /** Builds and returns a NetworkRequest for the given subIds to match Test Networks. */

    private NetworkRequest getTestNetworkRequest(@NonNull Set<Integer> subIds) {

        return getBaseNetworkRequestBuilder()

                .addTransportType(NetworkCapabilities.TRANSPORT_TEST)

                .removeCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET)

                .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN)

                .setSubscriptionIds(subIds)

                .build();

    }

    /**

    /**

     * Update this UnderlyingNetworkTracker's TelephonySubscriptionSnapshot.

     * Update this UnderlyingNetworkTracker's TelephonySubscriptionSnapshot.

     *

     *

    @NonNull private final Context mContext;

    @NonNull private final Context mContext;

    @NonNull private final Looper mLooper;

    @NonNull private final Looper mLooper;

    @NonNull private final VcnNetworkProvider mVcnNetworkProvider;

    @NonNull private final VcnNetworkProvider mVcnNetworkProvider;

    private final boolean mIsInTestMode;

    public VcnContext(

    public VcnContext(

            @NonNull Context context,

            @NonNull Context context,

            @NonNull Looper looper,

            @NonNull Looper looper,

            @NonNull VcnNetworkProvider vcnNetworkProvider) {

            @NonNull VcnNetworkProvider vcnNetworkProvider,

            boolean isInTestMode) {

        mContext = Objects.requireNonNull(context, "Missing context");

        mContext = Objects.requireNonNull(context, "Missing context");

        mLooper = Objects.requireNonNull(looper, "Missing looper");

        mLooper = Objects.requireNonNull(looper, "Missing looper");

        mVcnNetworkProvider = Objects.requireNonNull(vcnNetworkProvider, "Missing networkProvider");

        mVcnNetworkProvider = Objects.requireNonNull(vcnNetworkProvider, "Missing networkProvider");

        mIsInTestMode = isInTestMode;

    }

    }

    @NonNull

    @NonNull

        return mVcnNetworkProvider;

        return mVcnNetworkProvider;

    }

    }

    public boolean isInTestMode() {

        return mIsInTestMode;

    }

    /**

    /**

     * Verifies that the caller is running on the VcnContext Thread.

     * Verifies that the caller is running on the VcnContext Thread.

     *

     *