Loading core/java/android/net/ConnectivityManager.java +2 −37 Original line number Diff line number Diff line Loading @@ -941,41 +941,6 @@ public class ConnectivityManager { return 1; } /** * Removes the NET_CAPABILITY_NOT_RESTRICTED capability from the given * NetworkCapabilities object if all the capabilities it provides are * typically provided by restricted networks. * * TODO: consider: * - Moving to NetworkCapabilities * - Renaming it to guessRestrictedCapability and make it set the * restricted capability bit in addition to clearing it. * @hide */ public static void maybeMarkCapabilitiesRestricted(NetworkCapabilities nc) { for (int capability : nc.getCapabilities()) { switch (capability) { case NetworkCapabilities.NET_CAPABILITY_CBS: case NetworkCapabilities.NET_CAPABILITY_DUN: case NetworkCapabilities.NET_CAPABILITY_EIMS: case NetworkCapabilities.NET_CAPABILITY_FOTA: case NetworkCapabilities.NET_CAPABILITY_IA: case NetworkCapabilities.NET_CAPABILITY_IMS: case NetworkCapabilities.NET_CAPABILITY_RCS: case NetworkCapabilities.NET_CAPABILITY_XCAP: case NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED: //there by default continue; default: // At least one capability usually provided by unrestricted // networks. Conclude that this network is unrestricted. return; } } // All the capabilities are typically provided by restricted networks. // Conclude that this network is restricted. nc.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED); } private NetworkCapabilities networkCapabilitiesForFeature(int networkType, String feature) { if (networkType == TYPE_MOBILE) { int cap = -1; Loading 
@@ -998,14 +963,14 @@ public class ConnectivityManager { } NetworkCapabilities netCap = new NetworkCapabilities(); netCap.addTransportType(NetworkCapabilities.TRANSPORT_CELLULAR).addCapability(cap); maybeMarkCapabilitiesRestricted(netCap); netCap.maybeMarkCapabilitiesRestricted(); return netCap; } else if (networkType == TYPE_WIFI) { if ("p2p".equals(feature)) { NetworkCapabilities netCap = new NetworkCapabilities(); netCap.addTransportType(NetworkCapabilities.TRANSPORT_WIFI); netCap.addCapability(NetworkCapabilities.NET_CAPABILITY_WIFI_P2P); maybeMarkCapabilitiesRestricted(netCap); netCap.maybeMarkCapabilitiesRestricted(); return netCap; } } Loading core/java/android/net/NetworkCapabilities.java +40 −2 Original line number Diff line number Diff line Loading @@ -49,6 +49,7 @@ public final class NetworkCapabilities implements Parcelable { * @hide */ public NetworkCapabilities() { mNetworkCapabilities = DEFAULT_CAPABILITIES; } public NetworkCapabilities(NetworkCapabilities nc) { Loading @@ -65,8 +66,7 @@ public final class NetworkCapabilities implements Parcelable { * Represents the network's capabilities. If any are specified they will be satisfied * by any Network that matches all of them. */ private long mNetworkCapabilities = (1 << NET_CAPABILITY_NOT_RESTRICTED) | (1 << NET_CAPABILITY_TRUSTED) | (1 << NET_CAPABILITY_NOT_VPN); private long mNetworkCapabilities; /** * Indicates this is a network that has the ability to reach the Loading Loading 
@@ -170,6 +170,28 @@ public final class NetworkCapabilities implements Parcelable { private static final int MIN_NET_CAPABILITY = NET_CAPABILITY_MMS; private static final int MAX_NET_CAPABILITY = NET_CAPABILITY_NOT_VPN; /** * Capabilities that are set by default when the object is constructed. */ private static final long DEFAULT_CAPABILITIES = (1 << NET_CAPABILITY_NOT_RESTRICTED) | (1 << NET_CAPABILITY_TRUSTED) | (1 << NET_CAPABILITY_NOT_VPN); /** * Capabilities that suggest that a network is restricted. * {@see #maybeMarkCapabilitiesRestricted}. */ private static final long RESTRICTED_CAPABILITIES = (1 << NET_CAPABILITY_CBS) | (1 << NET_CAPABILITY_DUN) | (1 << NET_CAPABILITY_EIMS) | (1 << NET_CAPABILITY_FOTA) | (1 << NET_CAPABILITY_IA) | (1 << NET_CAPABILITY_IMS) | (1 << NET_CAPABILITY_RCS) | (1 << NET_CAPABILITY_XCAP); /** * Adds the given capability to this {@code NetworkCapability} instance. * Multiple capabilities may be applied sequentially. Note that when searching Loading Loading 
@@ -251,6 +273,22 @@ public final class NetworkCapabilities implements Parcelable { return (nc.mNetworkCapabilities == this.mNetworkCapabilities); } /** * Removes the NET_CAPABILITY_NOT_RESTRICTED capability if all the capabilities it provides are * typically provided by restricted networks. * * TODO: consider: * - Renaming it to guessRestrictedCapability and make it set the * restricted capability bit in addition to clearing it. * @hide */ public void maybeMarkCapabilitiesRestricted() { // If all the capabilities are typically provided by restricted networks, conclude that this // network is restricted. if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0) removeCapability(NET_CAPABILITY_NOT_RESTRICTED); } /** * Representing the transport type. Apps should generally not care about transport. A * request for a fast internet connection could be satisfied by a number of different Loading core/java/android/net/NetworkRequest.java +7 −1 Original line number Diff line number Diff line Loading @@ -85,7 +85,13 @@ public class NetworkRequest implements Parcelable { * Build {@link NetworkRequest} give the current set of capabilities. */ public NetworkRequest build() { return new NetworkRequest(mNetworkCapabilities, ConnectivityManager.TYPE_NONE, // Make a copy of mNetworkCapabilities so we don't inadvertently remove NOT_RESTRICTED // when later an unrestricted capability could be added to mNetworkCapabilities, in // which case NOT_RESTRICTED should be returned to mNetworkCapabilities, which // maybeMarkCapabilitiesRestricted() doesn't add back. final NetworkCapabilities nc = new NetworkCapabilities(mNetworkCapabilities); nc.maybeMarkCapabilitiesRestricted(); return new NetworkRequest(nc, ConnectivityManager.TYPE_NONE, ConnectivityManager.REQUEST_ID_UNSET); } Loading core/java/android/os/INetworkManagementService.aidl +10 −1 Original line number Diff line number Diff line Loading 
@@ -367,8 +367,10 @@ interface INetworkManagementService /** * Setup a new physical network. * @param permission null if no permissions required to access this network. PERMISSION_NETWORK * or PERMISSION_SYSTEM to set respective permission. */ void createPhysicalNetwork(int netId); void createPhysicalNetwork(int netId, String permission); /** * Setup a new VPN. Loading @@ -395,6 +397,13 @@ interface INetworkManagementService void setDefaultNetId(int netId); void clearDefaultNetId(); /** * Set permission for a network. * @param permission null to clear permissions. PERMISSION_NETWORK or PERMISSION_SYSTEM to set * permission. */ void setNetworkPermission(int netId, String permission); void setPermission(String permission, in int[] uids); void clearPermission(in int[] uids); Loading services/core/java/com/android/server/ConnectivityService.java +15 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ import static android.net.ConnectivityManager.TYPE_WIMAX; import static android.net.ConnectivityManager.TYPE_PROXY; import static android.net.ConnectivityManager.getNetworkTypeName; import static android.net.ConnectivityManager.isNetworkTypeValid; import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED; import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL; import static android.net.NetworkPolicyManager.RULE_REJECT_METERED; Loading Loading 
@@ -3707,6 +3708,16 @@ public class ConnectivityService extends IConnectivityManager.Stub { // TODO - turn this on in MR1 when we have more dogfooding time. // rematchAllNetworksAndRequests(); if (!Objects.equals(networkAgent.networkCapabilities, networkCapabilities)) { if (networkAgent.networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) != networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) { try { mNetd.setNetworkPermission(networkAgent.network.netId, networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) ? null : NetworkManagementService.PERMISSION_SYSTEM); } catch (RemoteException e) { loge("Exception in setNetworkPermission: " + e); } } synchronized (networkAgent) { networkAgent.networkCapabilities = networkCapabilities; } Loading Loading @@ -4075,7 +4086,10 @@ public class ConnectivityService extends IConnectivityManager.Stub { (networkAgent.networkMisc == null || !networkAgent.networkMisc.allowBypass)); } else { mNetd.createPhysicalNetwork(networkAgent.network.netId); mNetd.createPhysicalNetwork(networkAgent.network.netId, networkAgent.networkCapabilities.hasCapability( NET_CAPABILITY_NOT_RESTRICTED) ? null : NetworkManagementService.PERMISSION_SYSTEM); } } catch (Exception e) { loge("Error creating network " + networkAgent.network.netId + ": " Loading Loading
core/java/android/net/ConnectivityManager.java +2 −37 Original line number Diff line number Diff line Loading @@ -941,41 +941,6 @@ public class ConnectivityManager { return 1; } /** * Removes the NET_CAPABILITY_NOT_RESTRICTED capability from the given * NetworkCapabilities object if all the capabilities it provides are * typically provided by restricted networks. * * TODO: consider: * - Moving to NetworkCapabilities * - Renaming it to guessRestrictedCapability and make it set the * restricted capability bit in addition to clearing it. * @hide */ public static void maybeMarkCapabilitiesRestricted(NetworkCapabilities nc) { for (int capability : nc.getCapabilities()) { switch (capability) { case NetworkCapabilities.NET_CAPABILITY_CBS: case NetworkCapabilities.NET_CAPABILITY_DUN: case NetworkCapabilities.NET_CAPABILITY_EIMS: case NetworkCapabilities.NET_CAPABILITY_FOTA: case NetworkCapabilities.NET_CAPABILITY_IA: case NetworkCapabilities.NET_CAPABILITY_IMS: case NetworkCapabilities.NET_CAPABILITY_RCS: case NetworkCapabilities.NET_CAPABILITY_XCAP: case NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED: //there by default continue; default: // At least one capability usually provided by unrestricted // networks. Conclude that this network is unrestricted. return; } } // All the capabilities are typically provided by restricted networks. // Conclude that this network is restricted. nc.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED); } private NetworkCapabilities networkCapabilitiesForFeature(int networkType, String feature) { if (networkType == TYPE_MOBILE) { int cap = -1; Loading 
@@ -998,14 +963,14 @@ public class ConnectivityManager { } NetworkCapabilities netCap = new NetworkCapabilities(); netCap.addTransportType(NetworkCapabilities.TRANSPORT_CELLULAR).addCapability(cap); maybeMarkCapabilitiesRestricted(netCap); netCap.maybeMarkCapabilitiesRestricted(); return netCap; } else if (networkType == TYPE_WIFI) { if ("p2p".equals(feature)) { NetworkCapabilities netCap = new NetworkCapabilities(); netCap.addTransportType(NetworkCapabilities.TRANSPORT_WIFI); netCap.addCapability(NetworkCapabilities.NET_CAPABILITY_WIFI_P2P); maybeMarkCapabilitiesRestricted(netCap); netCap.maybeMarkCapabilitiesRestricted(); return netCap; } } Loading
core/java/android/net/NetworkCapabilities.java +40 −2 Original line number Diff line number Diff line Loading @@ -49,6 +49,7 @@ public final class NetworkCapabilities implements Parcelable { * @hide */ public NetworkCapabilities() { mNetworkCapabilities = DEFAULT_CAPABILITIES; } public NetworkCapabilities(NetworkCapabilities nc) { Loading @@ -65,8 +66,7 @@ public final class NetworkCapabilities implements Parcelable { * Represents the network's capabilities. If any are specified they will be satisfied * by any Network that matches all of them. */ private long mNetworkCapabilities = (1 << NET_CAPABILITY_NOT_RESTRICTED) | (1 << NET_CAPABILITY_TRUSTED) | (1 << NET_CAPABILITY_NOT_VPN); private long mNetworkCapabilities; /** * Indicates this is a network that has the ability to reach the Loading Loading @@ -170,6 +170,28 @@ public final class NetworkCapabilities implements Parcelable { private static final int MIN_NET_CAPABILITY = NET_CAPABILITY_MMS; private static final int MAX_NET_CAPABILITY = NET_CAPABILITY_NOT_VPN; /** * Capabilities that are set by default when the object is constructed. */ private static final long DEFAULT_CAPABILITIES = (1 << NET_CAPABILITY_NOT_RESTRICTED) | (1 << NET_CAPABILITY_TRUSTED) | (1 << NET_CAPABILITY_NOT_VPN); /** * Capabilities that suggest that a network is restricted. * {@see #maybeMarkCapabilitiesRestricted}. */ private static final long RESTRICTED_CAPABILITIES = (1 << NET_CAPABILITY_CBS) | (1 << NET_CAPABILITY_DUN) | (1 << NET_CAPABILITY_EIMS) | (1 << NET_CAPABILITY_FOTA) | (1 << NET_CAPABILITY_IA) | (1 << NET_CAPABILITY_IMS) | (1 << NET_CAPABILITY_RCS) | (1 << NET_CAPABILITY_XCAP); /** * Adds the given capability to this {@code NetworkCapability} instance. * Multiple capabilities may be applied sequentially. Note that when searching Loading Loading 
@@ -251,6 +273,22 @@ public final class NetworkCapabilities implements Parcelable { return (nc.mNetworkCapabilities == this.mNetworkCapabilities); } /** * Removes the NET_CAPABILITY_NOT_RESTRICTED capability if all the capabilities it provides are * typically provided by restricted networks. * * TODO: consider: * - Renaming it to guessRestrictedCapability and make it set the * restricted capability bit in addition to clearing it. * @hide */ public void maybeMarkCapabilitiesRestricted() { // If all the capabilities are typically provided by restricted networks, conclude that this // network is restricted. if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0) removeCapability(NET_CAPABILITY_NOT_RESTRICTED); } /** * Representing the transport type. Apps should generally not care about transport. A * request for a fast internet connection could be satisfied by a number of different Loading
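Review bot: In `maybeMarkCapabilitiesRestricted()` (the @@ -251 hunk) the mask test is also true when nothing beyond `DEFAULT_CAPABILITIES` is set, so an object that names no restricted capability at all still loses `NET_CAPABILITY_NOT_RESTRICTED`. Since `build()` in NetworkRequest.java now calls this on every request, a request built without adding any capability would end up looking like a request for a restricted network, which seems unintended. Requiring at least one restricted bit avoids that: `if ((mNetworkCapabilities & RESTRICTED_CAPABILITIES) != 0 && (mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0) {`. Separately, the new `long` constants in the @@ -170 hunk are built with int shifts (`1 << NET_CAPABILITY_...`); writing `1L <<` keeps them correct if a capability index ever reaches 31.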
core/java/android/net/NetworkRequest.java +7 −1 Original line number Diff line number Diff line Loading @@ -85,7 +85,13 @@ public class NetworkRequest implements Parcelable { * Build {@link NetworkRequest} give the current set of capabilities. */ public NetworkRequest build() { return new NetworkRequest(mNetworkCapabilities, ConnectivityManager.TYPE_NONE, // Make a copy of mNetworkCapabilities so we don't inadvertently remove NOT_RESTRICTED // when later an unrestricted capability could be added to mNetworkCapabilities, in // which case NOT_RESTRICTED should be returned to mNetworkCapabilities, which // maybeMarkCapabilitiesRestricted() doesn't add back. final NetworkCapabilities nc = new NetworkCapabilities(mNetworkCapabilities); nc.maybeMarkCapabilitiesRestricted(); return new NetworkRequest(nc, ConnectivityManager.TYPE_NONE, ConnectivityManager.REQUEST_ID_UNSET); } Loading
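Review bot: `build()` can now return a request whose capabilities differ from what the caller set, but its Javadoc still says only that it builds from the current set of capabilities. I would add a sentence such as `* If every requested capability is one typically provided by restricted networks, NET_CAPABILITY_NOT_RESTRICTED is removed from the returned request.` so callers are not surprised by the result. Because this inference runs in the caller's process it cannot be the control that keeps an unprivileged app off a restricted network; the service receiving the request has to check the caller's permission whenever NOT_RESTRICTED is absent, and that check is not visible in this commit. The enclosing class starts and ends outside the hunk.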
core/java/android/os/INetworkManagementService.aidl +10 −1 Original line number Diff line number Diff line Loading @@ -367,8 +367,10 @@ interface INetworkManagementService /** * Setup a new physical network. * @param permission null if no permissions required to access this network. PERMISSION_NETWORK * or PERMISSION_SYSTEM to set respective permission. */ void createPhysicalNetwork(int netId); void createPhysicalNetwork(int netId, String permission); /** * Setup a new VPN. Loading @@ -395,6 +397,13 @@ interface INetworkManagementService void setDefaultNetId(int netId); void clearDefaultNetId(); /** * Set permission for a network. * @param permission null to clear permissions. PERMISSION_NETWORK or PERMISSION_SYSTEM to set * permission. */ void setNetworkPermission(int netId, String permission); void setPermission(String permission, in int[] uids); void clearPermission(in int[] uids); Loading
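Review bot: The new `String permission` parameter on `createPhysicalNetwork` and `setNetworkPermission` is documented only for null, PERMISSION_NETWORK and PERMISSION_SYSTEM, and nothing says what happens for any other string. Because null means that no permission is required, an implementation that treats an unrecognised value like null would leave the network usable by every app; the implementation is not on this page, so this needs confirming there. I would add to both comments a line stating that any other value is rejected, and say where the two constants are defined (the caller in ConnectivityService uses `NetworkManagementService.PERMISSION_SYSTEM`). The two comments also describe null differently ("no permissions required" and "clear permissions"); one wording for both would be easier to read.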
services/core/java/com/android/server/ConnectivityService.java +15 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ import static android.net.ConnectivityManager.TYPE_WIMAX; import static android.net.ConnectivityManager.TYPE_PROXY; import static android.net.ConnectivityManager.getNetworkTypeName; import static android.net.ConnectivityManager.isNetworkTypeValid; import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED; import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL; import static android.net.NetworkPolicyManager.RULE_REJECT_METERED; Loading Loading @@ -3707,6 +3708,16 @@ public class ConnectivityService extends IConnectivityManager.Stub { // TODO - turn this on in MR1 when we have more dogfooding time. // rematchAllNetworksAndRequests(); if (!Objects.equals(networkAgent.networkCapabilities, networkCapabilities)) { if (networkAgent.networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) != networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) { try { mNetd.setNetworkPermission(networkAgent.network.netId, networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) ? null : NetworkManagementService.PERMISSION_SYSTEM); } catch (RemoteException e) { loge("Exception in setNetworkPermission: " + e); } } synchronized (networkAgent) { networkAgent.networkCapabilities = networkCapabilities; } Loading Loading @@ -4075,7 +4086,10 @@ public class ConnectivityService extends IConnectivityManager.Stub { (networkAgent.networkMisc == null || !networkAgent.networkMisc.allowBypass)); } else { mNetd.createPhysicalNetwork(networkAgent.network.netId); mNetd.createPhysicalNetwork(networkAgent.network.netId, networkAgent.networkCapabilities.hasCapability( NET_CAPABILITY_NOT_RESTRICTED) ? null : NetworkManagementService.PERMISSION_SYSTEM); } } catch (Exception e) { loge("Error creating network " + networkAgent.network.netId + ": " Loading
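Review bot: In the @@ -3707 hunk a failed `mNetd.setNetworkPermission(...)` is only logged, and the `synchronized (networkAgent)` block that follows still stores the new capabilities. When the change is the loss of `NET_CAPABILITY_NOT_RESTRICTED`, the framework then records the network as restricted while netd has not been told to require `PERMISSION_SYSTEM`, so the failure leaves the network less protected than the stored state says. The catch also covers only `RemoteException`, whereas the `createPhysicalNetwork` call in the @@ -4075 hunk sits under `catch (Exception e)`; if the netd call can fail with a runtime exception it would escape here. I would treat a failure in the restricting direction as fatal for the update, for example by keeping the old capabilities and skipping the assignment, or by disconnecting the network, rather than continuing. The enclosing method starts and ends outside the hunk.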