[VCN07] Bypass VCN for non-internet app accessible cellular services

package android.net;

import static android.net.NetworkCapabilities.NET_CAPABILITY_CAPTIVE_PORTAL;

import static android.net.NetworkCapabilities.NET_CAPABILITY_DUN;

import static android.net.NetworkCapabilities.NET_CAPABILITY_FOREGROUND;

import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_CONGESTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_ROAMING;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_SUSPENDED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;

import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY;

import static android.net.NetworkCapabilities.NET_CAPABILITY_TEMPORARILY_NOT_METERED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.RequiresPermission;

import android.text.TextUtils;

import android.util.proto.ProtoOutputStream;

import java.util.Arrays;

import java.util.List;

import java.util.Objects;

import java.util.Set;

     * needed in terms of {@link NetworkCapabilities} features

     */

    public static class Builder {

        /**

         * Capabilities that are currently compatible with VCN networks.

         */

        private static final List<Integer> VCN_SUPPORTED_CAPABILITIES = Arrays.asList(

                NET_CAPABILITY_CAPTIVE_PORTAL,

                NET_CAPABILITY_DUN,

                NET_CAPABILITY_FOREGROUND,

                NET_CAPABILITY_INTERNET,

                NET_CAPABILITY_NOT_CONGESTED,

                NET_CAPABILITY_NOT_METERED,

                NET_CAPABILITY_NOT_RESTRICTED,

                NET_CAPABILITY_NOT_ROAMING,

                NET_CAPABILITY_NOT_SUSPENDED,

                NET_CAPABILITY_NOT_VPN,

                NET_CAPABILITY_PARTIAL_CONNECTIVITY,

                NET_CAPABILITY_TEMPORARILY_NOT_METERED,

                NET_CAPABILITY_TRUSTED,

                NET_CAPABILITY_VALIDATED);

        private final NetworkCapabilities mNetworkCapabilities;

        // A boolean that represents the user modified NOT_VCN_MANAGED capability.

        private boolean mModifiedNotVcnManaged = false;

        /**

         * Default constructor for Builder.

         */

            // maybeMarkCapabilitiesRestricted() doesn't add back.

            final NetworkCapabilities nc = new NetworkCapabilities(mNetworkCapabilities);

            nc.maybeMarkCapabilitiesRestricted();

            deduceNotVcnManagedCapability(nc);

            return new NetworkRequest(nc, ConnectivityManager.TYPE_NONE,

                    ConnectivityManager.REQUEST_ID_UNSET, Type.NONE);

        }

         */

        public Builder addCapability(@NetworkCapabilities.NetCapability int capability) {

            mNetworkCapabilities.addCapability(capability);

            if (capability == NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED) {

                mModifiedNotVcnManaged = true;

            }

            return this;

        }

         */

        public Builder removeCapability(@NetworkCapabilities.NetCapability int capability) {

            mNetworkCapabilities.removeCapability(capability);

            if (capability == NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED) {

                mModifiedNotVcnManaged = true;

            }

            return this;

        }

        @NonNull

        public Builder clearCapabilities() {

            mNetworkCapabilities.clearAll();

            // If the caller explicitly clear all capabilities, the NOT_VCN_MANAGED capabilities

            // should not be add back later.

            mModifiedNotVcnManaged = true;

            return this;

        }

            mNetworkCapabilities.setSignalStrength(signalStrength);

            return this;

        }

        /**

         * Deduce the NET_CAPABILITY_NOT_VCN_MANAGED capability from other capabilities

         * and user intention, which includes:

         *   1. For the requests that don't have anything besides

         *      {@link #VCN_SUPPORTED_CAPABILITIES}, add the NET_CAPABILITY_NOT_VCN_MANAGED to

         *      allow the callers automatically utilize VCN networks if available.

         *   2. For the requests that explicitly add or remove NET_CAPABILITY_NOT_VCN_MANAGED,

         *      do not alter them to allow user fire request that suits their need.

         *

         * @hide

         */

        private void deduceNotVcnManagedCapability(final NetworkCapabilities nc) {

            if (mModifiedNotVcnManaged) return;

            for (final int cap : nc.getCapabilities()) {

                if (!VCN_SUPPORTED_CAPABILITIES.contains(cap)) return;

            }

            nc.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        }

    }

    // implement the Parcelable interface

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_ROAMING;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_SUSPENDED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;

import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;

import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PRIVATE;

    private static NetworkCapabilities createDefaultNetworkCapabilitiesForUid(int uid) {

        final NetworkCapabilities netCap = new NetworkCapabilities();

        netCap.addCapability(NET_CAPABILITY_INTERNET);

        netCap.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        netCap.removeCapability(NET_CAPABILITY_NOT_VPN);

        netCap.setSingleUid(uid);

        return netCap;

            int transportType, NetworkRequest.Type type) {

        final NetworkCapabilities netCap = new NetworkCapabilities();

        netCap.addCapability(NET_CAPABILITY_INTERNET);

        netCap.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        netCap.setRequestorUidAndPackageName(Process.myUid(), mContext.getPackageName());

        if (transportType > TYPE_NONE) {

            netCap.addTransportType(transportType);

package com.android.server;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_SUSPENDED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;

import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;

import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;

        final String typeName = ConnectivityManager.getNetworkTypeName(type);

        mNetworkCapabilities = (ncTemplate != null) ? ncTemplate : new NetworkCapabilities();

        mNetworkCapabilities.addCapability(NET_CAPABILITY_NOT_SUSPENDED);

        mNetworkCapabilities.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        mNetworkCapabilities.addTransportType(transport);

        switch (transport) {

            case TRANSPORT_ETHERNET:

        NetworkCapabilities filter = new NetworkCapabilities();

        filter.addCapability(capability);

        // Add NOT_VCN_MANAGED capability into filter unconditionally since some request will add

        // NOT_VCN_MANAGED automatically but not for NetworkCapabilities,

        // see {@code NetworkCapabilities#deduceNotVcnManagedCapability} for more details.

        filter.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        final HandlerThread handlerThread = new HandlerThread("testNetworkFactoryRequests");

        handlerThread.start();

        final MockNetworkFactory testFactory = new MockNetworkFactory(handlerThread.getLooper(),

        handlerThread.start();

        NetworkCapabilities filter = new NetworkCapabilities()

                .addTransportType(TRANSPORT_CELLULAR)

                .addCapability(NET_CAPABILITY_NOT_VCN_MANAGED)

                .addCapability(NET_CAPABILITY_INTERNET);

        final MockNetworkFactory testFactory = new MockNetworkFactory(handlerThread.getLooper(),

                mServiceContext, "testFactory", filter);

                .addTransportType(TRANSPORT_CELLULAR)

                .addCapability(NET_CAPABILITY_INTERNET)

                .addCapability(NET_CAPABILITY_NOT_CONGESTED)

                .addCapability(NET_CAPABILITY_NOT_VCN_MANAGED)

                .setLinkDownstreamBandwidthKbps(10);

        final NetworkCapabilities wifiNc = new NetworkCapabilities()

                .addTransportType(TRANSPORT_WIFI)

                .addCapability(NET_CAPABILITY_NOT_ROAMING)

                .addCapability(NET_CAPABILITY_NOT_CONGESTED)

                .addCapability(NET_CAPABILITY_NOT_SUSPENDED)

                .addCapability(NET_CAPABILITY_NOT_VCN_MANAGED)

                .setLinkUpstreamBandwidthKbps(20);

        mCellNetworkAgent.setNetworkCapabilities(cellNc, true /* sendToConnectivityService */);

        mWiFiNetworkAgent.setNetworkCapabilities(wifiNc, true /* sendToConnectivityService */);

            mWiFiNetworkAgent.removeCapability(testCap);

            callbackWithCap.expectAvailableCallbacksValidated(mCellNetworkAgent);

            callbackWithoutCap.expectCapabilitiesWithout(testCap, mWiFiNetworkAgent);

            // TODO: Test default network changes for NOT_VCN_MANAGED once the default request has

            //  it.

            if (testCap == NET_CAPABILITY_TRUSTED) {

            verify(mMockNetd).networkSetDefault(eq(mCellNetworkAgent.getNetwork().netId));

            reset(mMockNetd);

            }

            mCellNetworkAgent.removeCapability(testCap);

            callbackWithCap.expectCallback(CallbackEntry.LOST, mCellNetworkAgent);

            callbackWithoutCap.assertNoCallback();

            if (testCap == NET_CAPABILITY_TRUSTED) {

            verify(mMockNetd).networkClearDefault();

            }

            mCm.unregisterNetworkCallback(callbackWithCap);

            mCm.unregisterNetworkCallback(callbackWithoutCap);