Merge "ConnectivityManager: Provide API's to include location sensitive info"

  public static class ConnectivityManager.NetworkCallback {

    ctor public ConnectivityManager.NetworkCallback();

    ctor public ConnectivityManager.NetworkCallback(int);

    method public void onAvailable(@NonNull android.net.Network);

    method public void onBlockedStatusChanged(@NonNull android.net.Network, boolean);

    method public void onCapabilitiesChanged(@NonNull android.net.Network, @NonNull android.net.NetworkCapabilities);

    method public void onLosing(@NonNull android.net.Network, int);

    method public void onLost(@NonNull android.net.Network);

    method public void onUnavailable();

    field public static final int FLAG_INCLUDE_LOCATION_INFO = 1; // 0x1

  }

  public static interface ConnectivityManager.OnNetworkActiveListener {

import android.net.TetheringManager.StartTetheringCallback;

import android.net.TetheringManager.TetheringEventCallback;

import android.net.TetheringManager.TetheringRequest;

import android.net.wifi.WifiNetworkSuggestion;

import android.os.Binder;

import android.os.Build;

import android.os.Build.VERSION_CODES;

    }

    /**

     * Returns an array of {@link android.net.NetworkCapabilities} objects, representing

     * Returns an array of {@link NetworkCapabilities} objects, representing

     * the Networks that applications run by the given user will use by default.

     * @hide

     */

    }

    /**

     * Get the {@link android.net.NetworkCapabilities} for the given {@link Network}.  This

     * Get the {@link NetworkCapabilities} for the given {@link Network}.  This

     * will return {@code null} if the network is unknown.

     *

     * This will remove any location sensitive data in {@link TransportInfo} embedded in

     * {@link NetworkCapabilities#getTransportInfo()}. Some transport info instances like

     * {@link android.net.wifi.WifiInfo} contain location sensitive information. Retrieving

     * this location sensitive information (subject to app's location permissions) will be

     * noted by system. To include any location sensitive data in {@link TransportInfo},

     * use a {@link NetworkCallback} with

     * {@link NetworkCallback#FLAG_INCLUDE_LOCATION_INFO} flag.

     *

     * @param network The {@link Network} object identifying the network in question.

     * @return The {@link android.net.NetworkCapabilities} for the network, or {@code null}.

     * @return The {@link NetworkCapabilities} for the network, or {@code null}.

     */

    @RequiresPermission(android.Manifest.permission.ACCESS_NETWORK_STATE)

    @Nullable

     * A {@code NetworkCallback} that has been unregistered can be registered again.

     */

    public static class NetworkCallback {

        /**

         * No flags associated with this callback.

         * @hide

         */

        public static final int FLAG_NONE = 0;

        /**

         * Use this flag to include any location sensitive data in {@link NetworkCapabilities} sent

         * via {@link #onCapabilitiesChanged(Network, NetworkCapabilities)}.

         * <p>

         * These include:

         * <li> Some transport info instances (retrieved via

         * {@link NetworkCapabilities#getTransportInfo()}) like {@link android.net.wifi.WifiInfo}

         * contain location sensitive information.

         * <li> OwnerUid (retrieved via {@link NetworkCapabilities#getOwnerUid()} is location

         * sensitive for wifi suggestor apps (i.e using {@link WifiNetworkSuggestion}).</li>

         * </p>

         * <p>

         * Note:

         * <li> Retrieving this location sensitive information (subject to app's location

         * permissions) will be noted by system. </li>

         * <li> Without this flag any {@link NetworkCapabilities} provided via the callback does

         * not include location sensitive info.

         * </p>

         */

        public static final int FLAG_INCLUDE_LOCATION_INFO = 1 << 0;

        /** @hide */

        @Retention(RetentionPolicy.SOURCE)

        @IntDef(flag = true, prefix = "FLAG_", value = {

                FLAG_NONE,

                FLAG_INCLUDE_LOCATION_INFO

        })

        public @interface Flag { }

        /**

         * All the valid flags for error checking.

         */

        private static final int VALID_FLAGS = FLAG_INCLUDE_LOCATION_INFO;

        public NetworkCallback() {

            this(FLAG_NONE);

        }

        public NetworkCallback(@Flag int flags) {

            Preconditions.checkArgument((flags & VALID_FLAGS) == flags);

            mFlags = flags;

        }

        /**

         * Called when the framework connects to a new network to evaluate whether it satisfies this

         * request. If evaluation succeeds, this callback may be followed by an {@link #onAvailable}

         * calling these methods while in a callback may return an outdated or even a null object.

         *

         * @param network The {@link Network} whose capabilities have changed.

         * @param networkCapabilities The new {@link android.net.NetworkCapabilities} for this

         * @param networkCapabilities The new {@link NetworkCapabilities} for this

         *                            network.

         */

        public void onCapabilitiesChanged(@NonNull Network network,

        public void onBlockedStatusChanged(@NonNull Network network, boolean blocked) {}

        private NetworkRequest networkRequest;

        private final int mFlags;

    }

    /**

                }

                Messenger messenger = new Messenger(handler);

                Binder binder = new Binder();

                final int callbackFlags = callback.mFlags;

                if (reqType == LISTEN) {

                    request = mService.listenForNetwork(

                            need, messenger, binder, callingPackageName,

                            need, messenger, binder, callbackFlags, callingPackageName,

                            getAttributionTag());

                } else {

                    request = mService.requestNetwork(

                            need, reqType.ordinal(), messenger, timeoutMs, binder, legacyType,

                            callingPackageName, getAttributionTag());

                            callbackFlags, callingPackageName, getAttributionTag());

                }

                if (request != null) {

                    sCallbacks.put(request, callback);

    }

    /**

     * Request a network to satisfy a set of {@link android.net.NetworkCapabilities}.

     * Request a network to satisfy a set of {@link NetworkCapabilities}.

     *

     * <p>This method will attempt to find the best network that matches the passed

     * {@link NetworkRequest}, and to bring up one that does if none currently satisfies the

    }

    /**

     * Request a network to satisfy a set of {@link android.net.NetworkCapabilities}.

     * Request a network to satisfy a set of {@link NetworkCapabilities}.

     *

     * This method behaves identically to {@link #requestNetwork(NetworkRequest, NetworkCallback)}

     * but runs all the callbacks on the passed Handler.

    }

    /**

     * Request a network to satisfy a set of {@link android.net.NetworkCapabilities}, limited

     * Request a network to satisfy a set of {@link NetworkCapabilities}, limited

     * by a timeout.

     *

     * This function behaves identically to the non-timed-out version

    }

    /**

     * Request a network to satisfy a set of {@link android.net.NetworkCapabilities}, limited

     * Request a network to satisfy a set of {@link NetworkCapabilities}, limited

     * by a timeout.

     *

     * This method behaves identically to

    /**

     * Request a network to satisfy a set of {@link android.net.NetworkCapabilities}.

     * Request a network to satisfy a set of {@link NetworkCapabilities}.

     *

     * This function behaves identically to the version that takes a NetworkCallback, but instead

     * of {@link NetworkCallback} a {@link PendingIntent} is used.  This means

    }

    /**

     * Request a network to satisfy a set of {@link android.net.NetworkCapabilities}, but

     * Request a network to satisfy a set of {@link NetworkCapabilities}, but

     * does not cause any networks to retain the NET_CAPABILITY_FOREGROUND capability. This can

     * be used to request that the system provide a network without causing the network to be

     * in the foreground.

    NetworkRequest requestNetwork(in NetworkCapabilities networkCapabilities, int reqType,

            in Messenger messenger, int timeoutSec, in IBinder binder, int legacy,

            String callingPackageName, String callingAttributionTag);

            int callbackFlags, String callingPackageName, String callingAttributionTag);

    NetworkRequest pendingRequestForNetwork(in NetworkCapabilities networkCapabilities,

            in PendingIntent operation, String callingPackageName, String callingAttributionTag);

    void releasePendingNetworkRequest(in PendingIntent operation);

    NetworkRequest listenForNetwork(in NetworkCapabilities networkCapabilities,

            in Messenger messenger, in IBinder binder, String callingPackageName,

            in Messenger messenger, in IBinder binder, int callbackFlags, String callingPackageName,

            String callingAttributionTag);

    void pendingListenForNetwork(in NetworkCapabilities networkCapabilities,

import android.annotation.SystemApi;

import android.compat.annotation.UnsupportedAppUsage;

import android.net.ConnectivityManager.NetworkCallback;

import android.net.wifi.WifiNetworkSuggestion;

import android.os.Build;

import android.os.Parcel;

import android.os.Parcelable;

     *

     * Instances of NetworkCapabilities sent to apps without the appropriate permissions will have

     * this field cleared out.

     *

     * <p>

     * This field will only be populated for VPN and wifi network suggestor apps (i.e using

     * {@link WifiNetworkSuggestion}), and only for the network they own.

     * In the case of wifi network suggestors apps, this field is also location sensitive, so the

     * app needs to hold {@link android.Manifest.permission#ACCESS_FINE_LOCATION} permission. If the

     * app targets SDK version greater than or equal to {@link Build.VERSION_CODES#S}, then they

     * also need to use {@link NetworkCallback#FLAG_INCLUDE_LOCATION_INFO} to get the info in their

     * callback. The app will be blamed for location access if this field is included.

     * </p>

     */

    public int getOwnerUid() {

        return mOwnerUid;

import android.net.ConnectivityDiagnosticsManager.ConnectivityReport;

import android.net.ConnectivityDiagnosticsManager.DataStallReport;

import android.net.ConnectivityManager;

import android.net.ConnectivityManager.NetworkCallback;

import android.net.DataStallReportParcelable;

import android.net.DnsResolverServiceManager;

import android.net.ICaptivePortal;

        mNetworkRanker = new NetworkRanker();

        final NetworkRequest defaultInternetRequest = createDefaultRequest();

        mDefaultRequest = new NetworkRequestInfo(

                defaultInternetRequest, null, new Binder(),

                defaultInternetRequest, null,

                new Binder(), NetworkCallback.FLAG_INCLUDE_LOCATION_INFO,

                null /* attributionTags */);

        mNetworkRequests.put(defaultInternetRequest, mDefaultRequest);

        mDefaultNetworkRequests.add(mDefaultRequest);

        if (enable) {

            handleRegisterNetworkRequest(new NetworkRequestInfo(

                    networkRequest, null, new Binder(),

                    networkRequest, null,

                    new Binder(),

                    NetworkCallback.FLAG_INCLUDE_LOCATION_INFO,

                    null /* attributionTags */));

        } else {

            handleReleaseNetworkRequest(networkRequest, Process.SYSTEM_UID,

                result.put(

                        nai.network,

                        createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                nc, mDeps.getCallingUid(), callingPackageName,

                                callingAttributionTag));

                                nc, false /* includeLocationSensitiveInfo */,

                                mDeps.getCallingUid(), callingPackageName, callingAttributionTag));

            }

        }

                    result.put(

                            network,

                            createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                    nc, mDeps.getCallingUid(), callingPackageName,

                                    nc,

                                    false /* includeLocationSensitiveInfo */,

                                    mDeps.getCallingUid(), callingPackageName,

                                    callingAttributionTag));

                }

            }

        enforceAccessPermission();

        return createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                getNetworkCapabilitiesInternal(network),

                false /* includeLocationSensitiveInfo */,

                mDeps.getCallingUid(), callingPackageName, callingAttributionTag);

    }

    @VisibleForTesting

    @Nullable

    NetworkCapabilities createWithLocationInfoSanitizedIfNecessaryWhenParceled(

            @Nullable NetworkCapabilities nc, int callerUid, @NonNull String callerPkgName,

            @Nullable String callingAttributionTag) {

            @Nullable NetworkCapabilities nc, boolean includeLocationSensitiveInfo,

            int callerUid, @NonNull String callerPkgName, @Nullable String callingAttributionTag) {

        if (nc == null) {

            return null;

        }

        final NetworkCapabilities newNc;

        // Avoid doing location permission check if the transport info has no location sensitive

        // data.

        if (nc.getTransportInfo() != null && nc.getTransportInfo().hasLocationSensitiveFields()) {

        if (includeLocationSensitiveInfo

                && nc.getTransportInfo() != null

                && nc.getTransportInfo().hasLocationSensitiveFields()) {

            hasLocationPermission =

                    hasLocationPermission(callerUid, callerPkgName, callingAttributionTag);

            newNc = new NetworkCapabilities(nc, hasLocationPermission);

            // Owner UIDs already checked above. No need to re-check.

            return newNc;

        }

        // If the caller does not want location sensitive data & target SDK >= S, then mask info.

        // Else include the owner UID iff the caller has location permission to provide backwards

        // compatibility for older apps.

        if (!includeLocationSensitiveInfo

                && isTargetSdkAtleast(

                        Build.VERSION_CODES.S, callerUid, callerPkgName)) {

            newNc.setOwnerUid(INVALID_UID);

            return newNc;

        }

        if (hasLocationPermission == null) {

            // Location permission not checked yet, check now for masking owner UID.

            hasLocationPermission =

        private final IBinder mBinder;

        final int mPid;

        final int mUid;

        final @NetworkCallback.Flag int mCallbackFlags;

        @Nullable

        final String mCallingAttributionTag;

        // In order to preserve the mapping of NetworkRequest-to-callback when apps register

            mPid = getCallingPid();

            mUid = mDeps.getCallingUid();

            mNetworkRequestCounter.incrementCountOrThrow(mUid);

            /**

             * Location sensitive data not included in pending intent. Only included in

             * {@link NetworkCallback}.

             */

            mCallbackFlags = NetworkCallback.FLAG_NONE;

            mCallingAttributionTag = callingAttributionTag;

        }

        NetworkRequestInfo(@NonNull final NetworkRequest r, @Nullable final Messenger m,

                @Nullable final IBinder binder, @Nullable String callingAttributionTag) {

            this(Collections.singletonList(r), r, m, binder, callingAttributionTag);

                @Nullable final IBinder binder,

                @NetworkCallback.Flag int callbackFlags,

                @Nullable String callingAttributionTag) {

            this(Collections.singletonList(r), r, m, binder, callbackFlags, callingAttributionTag);

        }

        NetworkRequestInfo(@NonNull final List<NetworkRequest> r,

                @NonNull final NetworkRequest requestForCallback, @Nullable final Messenger m,

                @Nullable final IBinder binder, @Nullable String callingAttributionTag) {

                @Nullable final IBinder binder,

                @NetworkCallback.Flag int callbackFlags,

                @Nullable String callingAttributionTag) {

            super();

            ensureAllNetworkRequestsHaveType(r);

            mRequests = initializeRequests(r);

            mUid = mDeps.getCallingUid();

            mPendingIntent = null;

            mNetworkRequestCounter.incrementCountOrThrow(mUid);

            mCallbackFlags = callbackFlags;

            mCallingAttributionTag = callingAttributionTag;

            try {

            mUid = nri.mUid;

            mPendingIntent = nri.mPendingIntent;

            mNetworkRequestCounter.incrementCountOrThrow(mUid);

            mCallbackFlags = nri.mCallbackFlags;

            mCallingAttributionTag = nri.mCallingAttributionTag;

        }

                    + " callback request Id: "

                    + mNetworkRequestForCallback.requestId

                    + " " + mRequests

                    + (mPendingIntent == null ? "" : " to trigger " + mPendingIntent);

                    + (mPendingIntent == null ? "" : " to trigger " + mPendingIntent)

                    + "callback flags: " + mCallbackFlags;

        }

    }

        }

    }

    private boolean checkUnsupportedStartingFrom(int version, String callingPackageName) {

        final UserHandle user = UserHandle.getUserHandleForUid(mDeps.getCallingUid());

    private boolean isTargetSdkAtleast(int version, int callingUid,

            @NonNull String callingPackageName) {

        final UserHandle user = UserHandle.getUserHandleForUid(callingUid);

        final PackageManager pm =

                mContext.createContextAsUser(user, 0 /* flags */).getPackageManager();

        try {

            final int callingVersion = pm.getApplicationInfo(

                    callingPackageName, 0 /* flags */).targetSdkVersion;

            final int callingVersion = pm.getTargetSdkVersion(callingPackageName);

            if (callingVersion < version) return false;

        } catch (PackageManager.NameNotFoundException e) { }

        return true;

    @Override

    public NetworkRequest requestNetwork(NetworkCapabilities networkCapabilities,

            int reqTypeInt, Messenger messenger, int timeoutMs, IBinder binder,

            int legacyType, @NonNull String callingPackageName,

            int legacyType, int callbackFlags, @NonNull String callingPackageName,

            @Nullable String callingAttributionTag) {

        if (legacyType != TYPE_NONE && !checkNetworkStackPermission()) {

            if (checkUnsupportedStartingFrom(Build.VERSION_CODES.M, callingPackageName)) {

            if (isTargetSdkAtleast(Build.VERSION_CODES.M, mDeps.getCallingUid(),

                    callingPackageName)) {

                throw new SecurityException("Insufficient permissions to specify legacy type");

            }

        }

        final NetworkRequest networkRequest = new NetworkRequest(networkCapabilities, legacyType,

                nextNetworkRequestId(), reqType);

        final NetworkRequestInfo nri = getNriToRegister(

                networkRequest, messenger, binder, callingAttributionTag);

                networkRequest, messenger, binder, callbackFlags, callingAttributionTag);

        if (DBG) log("requestNetwork for " + nri);

        // For TRACK_SYSTEM_DEFAULT callbacks, the capabilities have been modified since they were

     */

    private NetworkRequestInfo getNriToRegister(@NonNull final NetworkRequest nr,

            @Nullable final Messenger msgr, @Nullable final IBinder binder,

            @NetworkCallback.Flag int callbackFlags,

            @Nullable String callingAttributionTag) {

        final List<NetworkRequest> requests;

        if (NetworkRequest.Type.TRACK_DEFAULT == nr.type) {

        } else {

            requests = Collections.singletonList(nr);

        }

        return new NetworkRequestInfo(requests, nr, msgr, binder, callingAttributionTag);

        return new NetworkRequestInfo(

                requests, nr, msgr, binder, callbackFlags, callingAttributionTag);

    }

    private void enforceNetworkRequestPermissions(NetworkCapabilities networkCapabilities,

    @Override

    public NetworkRequest listenForNetwork(NetworkCapabilities networkCapabilities,

            Messenger messenger, IBinder binder, @NonNull String callingPackageName,

            @Nullable String callingAttributionTag) {

            Messenger messenger, IBinder binder,

            @NetworkCallback.Flag int callbackFlags,

            @NonNull String callingPackageName, @NonNull String callingAttributionTag) {

        final int callingUid = mDeps.getCallingUid();

        if (!hasWifiNetworkListenPermission(networkCapabilities)) {

            enforceAccessPermission();

        NetworkRequest networkRequest = new NetworkRequest(nc, TYPE_NONE, nextNetworkRequestId(),

                NetworkRequest.Type.LISTEN);

        NetworkRequestInfo nri =

                new NetworkRequestInfo(networkRequest, messenger, binder, callingAttributionTag);

                new NetworkRequestInfo(networkRequest, messenger, binder, callbackFlags,

                        callingAttributionTag);

        if (VDBG) log("listenForNetwork for " + nri);

        mHandler.sendMessage(mHandler.obtainMessage(EVENT_REGISTER_NETWORK_LISTENER, nri));

        if (notificationType != ConnectivityManager.CALLBACK_UNAVAIL) {

            putParcelable(bundle, networkAgent.network);

        }

        final boolean includeLocationSensitiveInfo =

                (nri.mCallbackFlags & NetworkCallback.FLAG_INCLUDE_LOCATION_INFO) != 0;

        switch (notificationType) {

            case ConnectivityManager.CALLBACK_AVAILABLE: {

                final NetworkCapabilities nc =

                putParcelable(

                        bundle,

                        createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                nc, nri.mUid, nrForCallback.getRequestorPackageName(),

                                nc, includeLocationSensitiveInfo, nri.mUid,

                                nrForCallback.getRequestorPackageName(),

                                nri.mCallingAttributionTag));

                putParcelable(bundle, linkPropertiesRestrictedForCallerPermissions(

                        networkAgent.linkProperties, nri.mPid, nri.mUid));

                putParcelable(

                        bundle,

                        createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                netCap, nri.mUid, nrForCallback.getRequestorPackageName(),

                                netCap, includeLocationSensitiveInfo, nri.mUid,

                                nrForCallback.getRequestorPackageName(),

                                nri.mCallingAttributionTag));

                break;

            }