Merge changes I90bf7957,If58524b0 am: 7a2f9c06ca am: 3042783816 am: 3c975c208f (30c71e62) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/ConnectivityService.java

+6 −1

Original line number	Diff line number	Diff line
		@@ -6121,10 +6121,15 @@ public class ConnectivityService extends IConnectivityManager.Stub
		private NetworkCapabilities copyDefaultNetworkCapabilitiesForUid(
		@NonNull final NetworkCapabilities netCapToCopy, @NonNull final int requestorUid,
		@NonNull final String requestorPackageName) {
		// These capabilities are for a TRACK_DEFAULT callback, so:
		// 1. Remove NET_CAPABILITY_VPN, because it's (currently!) the only difference between
		// mDefaultRequest and a per-UID default request.
		// TODO: stop depending on the fact that these two unrelated things happen to be the same
		// 2. Always set the UIDs to mAsUid. restrictRequestUidsForCallerAndSetRequestorInfo will
		// not do this in the case of a privileged application.
		final NetworkCapabilities netCap = new NetworkCapabilities(netCapToCopy);
		netCap.removeCapability(NET_CAPABILITY_NOT_VPN);
		netCap.setSingleUid(requestorUid);
		netCap.setUids(new ArraySet<>());
		restrictRequestUidsForCallerAndSetRequestorInfo(
		netCap, requestorUid, requestorPackageName);
		return netCap;

tests/net/java/com/android/server/ConnectivityServiceTest.java

+16 −0

Original line number	Diff line number	Diff line
		@@ -7485,6 +7485,9 @@ public class ConnectivityServiceTest {
		final NetworkRequest vpnUidRequest = new NetworkRequest.Builder().build();
		registerNetworkCallbackAsUid(vpnUidRequest, vpnUidCallback, VPN_UID);

		final TestNetworkCallback vpnUidDefaultCallback = new TestNetworkCallback();
		registerDefaultNetworkCallbackAsUid(vpnUidDefaultCallback, VPN_UID);

		final int uid = Process.myUid();
		final int userId = UserHandle.getUserId(uid);
		final ArrayList<String> allowList = new ArrayList<>();
		@@ -7503,6 +7506,7 @@ public class ConnectivityServiceTest {
		callback.expectAvailableCallbacksUnvalidatedAndBlocked(mWiFiNetworkAgent);
		defaultCallback.expectAvailableCallbacksUnvalidatedAndBlocked(mWiFiNetworkAgent);
		vpnUidCallback.expectAvailableCallbacksUnvalidated(mWiFiNetworkAgent);
		vpnUidDefaultCallback.expectAvailableCallbacksUnvalidated(mWiFiNetworkAgent);
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertNull(mCm.getActiveNetwork());
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);
		@@ -7515,6 +7519,7 @@ public class ConnectivityServiceTest {
		callback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);
		defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();
		expectNetworkRejectNonSecureVpn(inOrder, false, firstHalf, secondHalf);
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());
		@@ -7529,6 +7534,7 @@ public class ConnectivityServiceTest {
		callback.assertNoCallback();
		defaultCallback.assertNoCallback();
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();

		// The following requires that the UID of this test package is greater than VPN_UID. This
		// is always true in practice because a plain AOSP build with no apps installed has almost
		@@ -7549,6 +7555,7 @@ public class ConnectivityServiceTest {
		callback.expectAvailableCallbacksUnvalidated(mCellNetworkAgent);
		defaultCallback.assertNoCallback();
		vpnUidCallback.expectAvailableCallbacksUnvalidated(mCellNetworkAgent);
		vpnUidDefaultCallback.assertNoCallback();
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);
		@@ -7569,6 +7576,7 @@ public class ConnectivityServiceTest {
		defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent);
		assertBlockedCallbackInAnyOrder(callback, true, mWiFiNetworkAgent, mCellNetworkAgent);
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertNull(mCm.getActiveNetwork());
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);
		@@ -7580,6 +7588,7 @@ public class ConnectivityServiceTest {
		defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);
		assertBlockedCallbackInAnyOrder(callback, false, mWiFiNetworkAgent, mCellNetworkAgent);
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);
		@@ -7594,6 +7603,7 @@ public class ConnectivityServiceTest {
		callback.assertNoCallback();
		defaultCallback.assertNoCallback();
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);
		@@ -7605,6 +7615,7 @@ public class ConnectivityServiceTest {
		callback.assertNoCallback();
		defaultCallback.assertNoCallback();
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);
		@@ -7617,6 +7628,7 @@ public class ConnectivityServiceTest {
		defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent);
		assertBlockedCallbackInAnyOrder(callback, true, mWiFiNetworkAgent, mCellNetworkAgent);
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertNull(mCm.getActiveNetwork());
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);
		@@ -7627,6 +7639,7 @@ public class ConnectivityServiceTest {
		assertUidRangesUpdatedForMyUid(true);
		defaultCallback.expectAvailableThenValidatedCallbacks(mMockVpn);
		vpnUidCallback.assertNoCallback(); // vpnUidCallback has NOT_VPN capability.
		vpnUidDefaultCallback.assertNoCallback(); // VPN does not apply to VPN_UID
		assertEquals(mMockVpn.getNetwork(), mCm.getActiveNetwork());
		assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));
		assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);
		@@ -7637,11 +7650,14 @@ public class ConnectivityServiceTest {
		mMockVpn.disconnect();
		defaultCallback.expectCallback(CallbackEntry.LOST, mMockVpn);
		defaultCallback.expectAvailableCallbacksUnvalidatedAndBlocked(mWiFiNetworkAgent);
		vpnUidCallback.assertNoCallback();
		vpnUidDefaultCallback.assertNoCallback();
		assertNull(mCm.getActiveNetwork());

		mCm.unregisterNetworkCallback(callback);
		mCm.unregisterNetworkCallback(defaultCallback);
		mCm.unregisterNetworkCallback(vpnUidCallback);
		mCm.unregisterNetworkCallback(vpnUidDefaultCallback);
		}

		private void setupLegacyLockdownVpn() {