
Commit 37d07f9a authored by junyulai's avatar junyulai

Replace hidden API usages of NetworkCapabilities

For callers who access hidden APIs of NetworkCapabilities,
replace them with Builder system APIs.

Test: atest FrameworksNetTests
Bug: 182963397
Merged-In: Iaa4e256e43a33bdf08780bdd1a1a8b538058634d
Change-Id: Iaa4e256e43a33bdf08780bdd1a1a8b538058634d
  (cherry-pick from ag/13929753)
parent efbd8b39
+34 −20
@@ -19,10 +19,10 @@ package com.android.server.connectivity;
import static android.Manifest.permission.BIND_VPN_SERVICE;
import static android.Manifest.permission.BIND_VPN_SERVICE;
import static android.net.ConnectivityManager.NETID_UNSET;
import static android.net.ConnectivityManager.NETID_UNSET;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;
import static android.os.UserHandle.PER_USER_RANGE;
import static android.net.RouteInfo.RTN_THROW;
import static android.net.RouteInfo.RTN_THROW;
import static android.net.RouteInfo.RTN_UNREACHABLE;
import static android.net.RouteInfo.RTN_UNREACHABLE;
import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN;
import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN;
import static android.os.UserHandle.PER_USER_RANGE;


import static com.android.internal.util.Preconditions.checkArgument;
import static com.android.internal.util.Preconditions.checkArgument;
import static com.android.internal.util.Preconditions.checkNotNull;
import static com.android.internal.util.Preconditions.checkNotNull;
@@ -223,7 +223,7 @@ public class Vpn {
    protected NetworkAgent mNetworkAgent;
    protected NetworkAgent mNetworkAgent;
    private final Looper mLooper;
    private final Looper mLooper;
    @VisibleForTesting
    @VisibleForTesting
    protected final NetworkCapabilities mNetworkCapabilities;
    protected NetworkCapabilities mNetworkCapabilities;
    private final SystemServices mSystemServices;
    private final SystemServices mSystemServices;
    private final Ikev2SessionCreator mIkev2SessionCreator;
    private final Ikev2SessionCreator mIkev2SessionCreator;
    private final UserManager mUserManager;
    private final UserManager mUserManager;
@@ -460,11 +460,12 @@ public class Vpn {
        mLegacyState = LegacyVpnInfo.STATE_DISCONNECTED;
        mLegacyState = LegacyVpnInfo.STATE_DISCONNECTED;
        mNetworkInfo = new NetworkInfo(ConnectivityManager.TYPE_VPN, 0 /* subtype */, NETWORKTYPE,
        mNetworkInfo = new NetworkInfo(ConnectivityManager.TYPE_VPN, 0 /* subtype */, NETWORKTYPE,
                "" /* subtypeName */);
                "" /* subtypeName */);
        mNetworkCapabilities = new NetworkCapabilities();
        mNetworkCapabilities = new NetworkCapabilities.Builder()
        mNetworkCapabilities.addTransportType(NetworkCapabilities.TRANSPORT_VPN);
                .addTransportType(NetworkCapabilities.TRANSPORT_VPN)
        mNetworkCapabilities.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN);
                .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN)
        mNetworkCapabilities.addCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED);
                .addCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED)
        mNetworkCapabilities.setTransportInfo(new VpnTransportInfo(VpnManager.TYPE_VPN_NONE));
                .setTransportInfo(new VpnTransportInfo(VpnManager.TYPE_VPN_NONE))
                .build();


        loadAlwaysOnPackage();
        loadAlwaysOnPackage();
    }
    }
@@ -525,8 +526,10 @@ public class Vpn {
    }
    }


    private void resetNetworkCapabilities() {
    private void resetNetworkCapabilities() {
        mNetworkCapabilities.setUids(null);
        mNetworkCapabilities = new NetworkCapabilities.Builder(mNetworkCapabilities)
        mNetworkCapabilities.setTransportInfo(new VpnTransportInfo(VpnManager.TYPE_VPN_NONE));
                .setUids(null)
                .setTransportInfo(new VpnTransportInfo(VpnManager.TYPE_VPN_NONE))
                .build();
    }
    }


    /**
    /**
@@ -1237,7 +1240,9 @@ public class Vpn {
        // registered with registerDefaultNetworkCallback. This in turn protects the invariant
        // registered with registerDefaultNetworkCallback. This in turn protects the invariant
        // that an app calling ConnectivityManager#bindProcessToNetwork(getDefaultNetwork())
        // that an app calling ConnectivityManager#bindProcessToNetwork(getDefaultNetwork())
        // behaves the same as when it uses the default network.
        // behaves the same as when it uses the default network.
        mNetworkCapabilities.addCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET);
        final NetworkCapabilities.Builder capsBuilder =
                new NetworkCapabilities.Builder(mNetworkCapabilities);
        capsBuilder.addCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET);


        mLegacyState = LegacyVpnInfo.STATE_CONNECTING;
        mLegacyState = LegacyVpnInfo.STATE_CONNECTING;
        updateState(DetailedState.CONNECTING, "agentConnect");
        updateState(DetailedState.CONNECTING, "agentConnect");
@@ -1245,21 +1250,22 @@ public class Vpn {
        NetworkAgentConfig networkAgentConfig = new NetworkAgentConfig.Builder().build();
        NetworkAgentConfig networkAgentConfig = new NetworkAgentConfig.Builder().build();
        networkAgentConfig.allowBypass = mConfig.allowBypass && !mLockdown;
        networkAgentConfig.allowBypass = mConfig.allowBypass && !mLockdown;


        mNetworkCapabilities.setOwnerUid(mOwnerUID);
        capsBuilder.setOwnerUid(mOwnerUID);
        mNetworkCapabilities.setAdministratorUids(new int[] {mOwnerUID});
        capsBuilder.setAdministratorUids(new int[] {mOwnerUID});
        mNetworkCapabilities.setUids(createUserAndRestrictedProfilesRanges(mUserId,
        capsBuilder.setUids(createUserAndRestrictedProfilesRanges(mUserId,
                mConfig.allowedApplications, mConfig.disallowedApplications));
                mConfig.allowedApplications, mConfig.disallowedApplications));


        mNetworkCapabilities.setTransportInfo(new VpnTransportInfo(getActiveVpnType()));
        capsBuilder.setTransportInfo(new VpnTransportInfo(getActiveVpnType()));


        // Only apps targeting Q and above can explicitly declare themselves as metered.
        // Only apps targeting Q and above can explicitly declare themselves as metered.
        // These VPNs are assumed metered unless they state otherwise.
        // These VPNs are assumed metered unless they state otherwise.
        if (mIsPackageTargetingAtLeastQ && mConfig.isMetered) {
        if (mIsPackageTargetingAtLeastQ && mConfig.isMetered) {
            mNetworkCapabilities.removeCapability(NET_CAPABILITY_NOT_METERED);
            capsBuilder.removeCapability(NET_CAPABILITY_NOT_METERED);
        } else {
        } else {
            mNetworkCapabilities.addCapability(NET_CAPABILITY_NOT_METERED);
            capsBuilder.addCapability(NET_CAPABILITY_NOT_METERED);
        }
        }


        mNetworkCapabilities = capsBuilder.build();
        mNetworkAgent = new NetworkAgent(mContext, mLooper, NETWORKTYPE /* logtag */,
        mNetworkAgent = new NetworkAgent(mContext, mLooper, NETWORKTYPE /* logtag */,
                mNetworkCapabilities, lp,
                mNetworkCapabilities, lp,
                new NetworkScore.Builder().setLegacyInt(VPN_DEFAULT_SCORE).build(),
                new NetworkScore.Builder().setLegacyInt(VPN_DEFAULT_SCORE).build(),
@@ -1426,7 +1432,8 @@ public class Vpn {
            // restore old state
            // restore old state
            mConfig = oldConfig;
            mConfig = oldConfig;
            mConnection = oldConnection;
            mConnection = oldConnection;
            mNetworkCapabilities.setUids(oldUsers);
            mNetworkCapabilities =
                    new NetworkCapabilities.Builder(mNetworkCapabilities).setUids(oldUsers).build();
            mNetworkAgent = oldNetworkAgent;
            mNetworkAgent = oldNetworkAgent;
            mInterface = oldInterface;
            mInterface = oldInterface;
            throw e;
            throw e;
@@ -1576,7 +1583,8 @@ public class Vpn {
                    try {
                    try {
                        addUserToRanges(existingRanges, userId, mConfig.allowedApplications,
                        addUserToRanges(existingRanges, userId, mConfig.allowedApplications,
                                mConfig.disallowedApplications);
                                mConfig.disallowedApplications);
                        mNetworkCapabilities.setUids(existingRanges);
                        mNetworkCapabilities = new NetworkCapabilities.Builder(mNetworkCapabilities)
                                .setUids(existingRanges).build();
                    } catch (Exception e) {
                    } catch (Exception e) {
                        Log.wtf(TAG, "Failed to add restricted user to owner", e);
                        Log.wtf(TAG, "Failed to add restricted user to owner", e);
                    }
                    }
@@ -1605,7 +1613,8 @@ public class Vpn {
                        final List<Range<Integer>> removedRanges =
                        final List<Range<Integer>> removedRanges =
                                uidRangesForUser(userId, existingRanges);
                                uidRangesForUser(userId, existingRanges);
                        existingRanges.removeAll(removedRanges);
                        existingRanges.removeAll(removedRanges);
                        mNetworkCapabilities.setUids(existingRanges);
                        mNetworkCapabilities = new NetworkCapabilities.Builder(mNetworkCapabilities)
                                .setUids(existingRanges).build();
                    } catch (Exception e) {
                    } catch (Exception e) {
                        Log.wtf(TAG, "Failed to remove restricted user to owner", e);
                        Log.wtf(TAG, "Failed to remove restricted user to owner", e);
                    }
                    }
@@ -1886,7 +1895,12 @@ public class Vpn {
        if (!isRunningLocked()) {
        if (!isRunningLocked()) {
            return false;
            return false;
        }
        }
        return mNetworkCapabilities.appliesToUid(uid);
        final Set<Range<Integer>> uids = mNetworkCapabilities.getUids();
        if (uids == null) return true;
        for (final Range<Integer> range : uids) {
            if (range.contains(uid)) return true;
        }
        return false;
    }
    }


    /**
    /**
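Review bot: In the last hunk, the open-coded replacement for `mNetworkCapabilities.appliesToUid(uid)` returns true for every UID when `getUids()` is null, and nothing in the new lines says that this is intended. `resetNetworkCapabilities()` in this same commit stores `.setUids(null)`, so the `isRunningLocked()` guard just above the new lines is the only visible check that keeps a reset VPN from claiming all UIDs. A comment such as `// null UID set: not restricted to specific UIDs, so the VPN applies to all; relies on the isRunningLocked() check above` would make that dependency explicit. Because this result presumably feeds per-app VPN decisions, the range loop would also be easier to audit as a small private helper with that comment as its Javadoc. The method's signature is outside the hunk, so its callers could not be checked from here.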