Merge "Resolve merge conflicts of 69791b68 to master"

package android.net;

import android.content.Context;

import android.net.ConnectivityManager.PacketKeepalive;

import android.os.Bundle;

import android.os.Handler;

import android.os.Looper;

import com.android.internal.util.AsyncChannel;

import com.android.internal.util.Protocol;

import android.net.ConnectivityManager.PacketKeepalive;

import java.util.ArrayList;

import java.util.concurrent.atomic.AtomicBoolean;

     */

    public static final int EVENT_NETWORK_SCORE_CHANGED = BASE + 4;

    /**

     * Sent by the NetworkAgent to ConnectivityService to add new UID ranges

     * to be forced into this Network.  For VPNs only.

     * obj = UidRange[] to forward

     */

    public static final int EVENT_UID_RANGES_ADDED = BASE + 5;

    /**

     * Sent by the NetworkAgent to ConnectivityService to remove UID ranges

     * from being forced into this Network.  For VPNs only.

     * obj = UidRange[] to stop forwarding

     */

    public static final int EVENT_UID_RANGES_REMOVED = BASE + 6;

    /**

     * Sent by ConnectivityService to the NetworkAgent to inform the agent of the

     * networks status - whether we could use the network or could not, due to

        queueOrSendMessage(EVENT_NETWORK_SCORE_CHANGED, new Integer(score));

    }

    /**

     * Called by the VPN code when it wants to add ranges of UIDs to be routed

     * through the VPN network.

     */

    public void addUidRanges(UidRange[] ranges) {

        queueOrSendMessage(EVENT_UID_RANGES_ADDED, ranges);

    }

    /**

     * Called by the VPN code when it wants to remove ranges of UIDs from being routed

     * through the VPN network.

     */

    public void removeUidRanges(UidRange[] ranges) {

        queueOrSendMessage(EVENT_UID_RANGES_REMOVED, ranges);

    }

    /**

     * Called by the bearer to indicate this network was manually selected by the user.

     * This should be called before the NetworkInfo is marked CONNECTED so that this

import android.net.ConnectivityManager.NetworkCallback;

import android.os.Parcel;

import android.os.Parcelable;

import android.util.ArraySet;

import android.util.proto.ProtoOutputStream;

import com.android.internal.annotations.VisibleForTesting;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.util.Objects;

import java.util.Set;

import java.util.StringJoiner;

/**

 */

public final class NetworkCapabilities implements Parcelable {

    private static final String TAG = "NetworkCapabilities";

    private static final int INVALID_UID = -1;

    /**

     * @hide

            mLinkDownBandwidthKbps = nc.mLinkDownBandwidthKbps;

            mNetworkSpecifier = nc.mNetworkSpecifier;

            mSignalStrength = nc.mSignalStrength;

            mUids = nc.mUids;

            mEstablishingVpnAppUid = nc.mEstablishingVpnAppUid;

        }

    }

        mLinkUpBandwidthKbps = mLinkDownBandwidthKbps = LINK_BANDWIDTH_UNSPECIFIED;

        mNetworkSpecifier = null;

        mSignalStrength = SIGNAL_STRENGTH_UNSPECIFIED;

        mUids = null;

        mEstablishingVpnAppUid = INVALID_UID;

    }

    /**

        return (nc.mTransportTypes == this.mTransportTypes);

    }

    /**

     * UID of the app that manages this network, or INVALID_UID if none/unknown.

     *

     * This field keeps track of the UID of the app that created this network and is in charge

     * of managing it. In the practice, it is used to store the UID of VPN apps so it is named

     * accordingly, but it may be renamed if other mechanisms are offered for third party apps

     * to create networks.

     *

     * Because this field is only used in the services side (and to avoid apps being able to

     * set this to whatever they want), this field is not parcelled and will not be conserved

     * across the IPC boundary.

     * @hide

     */

    private int mEstablishingVpnAppUid = INVALID_UID;

    /**

     * Set the UID of the managing app.

     * @hide

     */

    public void setEstablishingVpnAppUid(final int uid) {

        mEstablishingVpnAppUid = uid;

    }

    /**

     * Value indicating that link bandwidth is unspecified.

     * @hide

        return this.mSignalStrength == nc.mSignalStrength;

    }

    /**

     * List of UIDs this network applies to. No restriction if null.

     * <p>

     * This is typically (and at this time, only) used by VPN. This network is only available to

     * the UIDs in this list, and it is their default network. Apps in this list that wish to

     * bypass the VPN can do so iff the VPN app allows them to or if they are privileged. If this

     * member is null, then the network is not restricted by app UID. If it's an empty list, then

     * it means nobody can use it.

     * As a special exception, the app managing this network (as identified by its UID stored in

     * mEstablishingVpnAppUid) can always see this network. This is embodied by a special check in

     * satisfiedByUids. That still does not mean the network necessarily <strong>applies</strong>

     * to the app that manages it as determined by #appliesToUid.

     * <p>

     * Please note that in principle a single app can be associated with multiple UIDs because

     * each app will have a different UID when it's run as a different (macro-)user. A single

     * macro user can only have a single active VPN app at any given time however.

     * <p>

     * Also please be aware this class does not try to enforce any normalization on this. Callers

     * can only alter the UIDs by setting them wholesale : this class does not provide any utility

     * to add or remove individual UIDs or ranges. If callers have any normalization needs on

     * their own (like requiring sortedness or no overlap) they need to enforce it

     * themselves. Some of the internal methods also assume this is normalized as in no adjacent

     * or overlapping ranges are present.

     *

     * @hide

     */

    private Set<UidRange> mUids = null;

    /**

     * Convenience method to set the UIDs this network applies to to a single UID.

     * @hide

     */

    public NetworkCapabilities setSingleUid(int uid) {

        final ArraySet<UidRange> identity = new ArraySet<>(1);

        identity.add(new UidRange(uid, uid));

        setUids(identity);

        return this;

    }

    /**

     * Set the list of UIDs this network applies to.

     * This makes a copy of the set so that callers can't modify it after the call.

     * @hide

     */

    public NetworkCapabilities setUids(Set<UidRange> uids) {

        if (null == uids) {

            mUids = null;

        } else {

            mUids = new ArraySet<>(uids);

        }

        return this;

    }

    /**

     * Get the list of UIDs this network applies to.

     * This returns a copy of the set so that callers can't modify the original object.

     * @hide

     */

    public Set<UidRange> getUids() {

        return null == mUids ? null : new ArraySet<>(mUids);

    }

    /**

     * Test whether this network applies to this UID.

     * @hide

     */

    public boolean appliesToUid(int uid) {

        if (null == mUids) return true;

        for (UidRange range : mUids) {

            if (range.contains(uid)) {

                return true;

            }

        }

        return false;

    }

    /**

     * Tests if the set of UIDs that this network applies to is the same of the passed set of UIDs.

     * <p>

     * This test only checks whether equal range objects are in both sets. It will

     * return false if the ranges are not exactly the same, even if the covered UIDs

     * are for an equivalent result.

     * <p>

     * Note that this method is not very optimized, which is fine as long as it's not used very

     * often.

     * <p>

     * nc is assumed nonnull.

     *

     * @hide

     */

    @VisibleForTesting

    public boolean equalsUids(NetworkCapabilities nc) {

        Set<UidRange> comparedUids = nc.mUids;

        if (null == comparedUids) return null == mUids;

        if (null == mUids) return false;

        // Make a copy so it can be mutated to check that all ranges in mUids

        // also are in uids.

        final Set<UidRange> uids = new ArraySet<>(mUids);

        for (UidRange range : comparedUids) {

            if (!uids.contains(range)) {

                return false;

            }

            uids.remove(range);

        }

        return uids.isEmpty();

    }

    /**

     * Test whether the passed NetworkCapabilities satisfies the UIDs this capabilities require.

     *

     * This method is called on the NetworkCapabilities embedded in a request with the

     * capabilities of an available network. It checks whether all the UIDs from this listen

     * (representing the UIDs that must have access to the network) are satisfied by the UIDs

     * in the passed nc (representing the UIDs that this network is available to).

     * <p>

     * As a special exception, the UID that created the passed network (as represented by its

     * mEstablishingVpnAppUid field) always satisfies a NetworkRequest requiring it (of LISTEN

     * or REQUEST types alike), even if the network does not apply to it. That is so a VPN app

     * can see its own network when it listens for it.

     * <p>

     * nc is assumed nonnull. Else, NPE.

     * @see #appliesToUid

     * @hide

     */

    public boolean satisfiedByUids(NetworkCapabilities nc) {

        if (null == nc.mUids) return true; // The network satisfies everything.

        if (null == mUids) return false; // Not everything allowed but requires everything

        for (UidRange requiredRange : mUids) {

            if (requiredRange.contains(nc.mEstablishingVpnAppUid)) return true;

            if (!nc.appliesToUidRange(requiredRange)) {

                return false;

            }

        }

        return true;

    }

    /**

     * Returns whether this network applies to the passed ranges.

     * This assumes that to apply, the passed range has to be entirely contained

     * within one of the ranges this network applies to. If the ranges are not normalized,

     * this method may return false even though all required UIDs are covered because no

     * single range contained them all.

     * @hide

     */

    @VisibleForTesting

    public boolean appliesToUidRange(UidRange requiredRange) {

        if (null == mUids) return true;

        for (UidRange uidRange : mUids) {

            if (uidRange.containsRange(requiredRange)) {

                return true;

            }

        }

        return false;

    }

    /**

     * Combine the UIDs this network currently applies to with the UIDs the passed

     * NetworkCapabilities apply to.

     * nc is assumed nonnull.

     */

    private void combineUids(NetworkCapabilities nc) {

        if (null == nc.mUids || null == mUids) {

            mUids = null;

            return;

        }

        mUids.addAll(nc.mUids);

    }

    /**

     * Combine a set of Capabilities to this one.  Useful for coming up with the complete set

     * @hide

        combineLinkBandwidths(nc);

        combineSpecifiers(nc);

        combineSignalStrength(nc);

        combineUids(nc);

    }

    /**

     * @hide

     */

    private boolean satisfiedByNetworkCapabilities(NetworkCapabilities nc, boolean onlyImmutable) {

        return (nc != null &&

                satisfiedByNetCapabilities(nc, onlyImmutable) &&

                satisfiedByTransportTypes(nc) &&

                (onlyImmutable || satisfiedByLinkBandwidths(nc)) &&

                satisfiedBySpecifier(nc) &&

                (onlyImmutable || satisfiedBySignalStrength(nc)));

        return (nc != null

                && satisfiedByNetCapabilities(nc, onlyImmutable)

                && satisfiedByTransportTypes(nc)

                && (onlyImmutable || satisfiedByLinkBandwidths(nc))

                && satisfiedBySpecifier(nc)

                && (onlyImmutable || satisfiedBySignalStrength(nc))

                && (onlyImmutable || satisfiedByUids(nc)));

    }

    /**

    public boolean equals(Object obj) {

        if (obj == null || (obj instanceof NetworkCapabilities == false)) return false;

        NetworkCapabilities that = (NetworkCapabilities) obj;

        return (equalsNetCapabilities(that) &&

                equalsTransportTypes(that) &&

                equalsLinkBandwidths(that) &&

                equalsSignalStrength(that) &&

                equalsSpecifier(that));

        return (equalsNetCapabilities(that)

                && equalsTransportTypes(that)

                && equalsLinkBandwidths(that)

                && equalsSignalStrength(that)

                && equalsSpecifier(that)

                && equalsUids(that));

    }

    @Override

    public int hashCode() {

        return ((int)(mNetworkCapabilities & 0xFFFFFFFF) +

                ((int)(mNetworkCapabilities >> 32) * 3) +

                ((int)(mTransportTypes & 0xFFFFFFFF) * 5) +

                ((int)(mTransportTypes >> 32) * 7) +

                (mLinkUpBandwidthKbps * 11) +

                (mLinkDownBandwidthKbps * 13) +

                Objects.hashCode(mNetworkSpecifier) * 17 +

                (mSignalStrength * 19));

        return ((int) (mNetworkCapabilities & 0xFFFFFFFF)

                + ((int) (mNetworkCapabilities >> 32) * 3)

                + ((int) (mTransportTypes & 0xFFFFFFFF) * 5)

                + ((int) (mTransportTypes >> 32) * 7)

                + (mLinkUpBandwidthKbps * 11)

                + (mLinkDownBandwidthKbps * 13)

                + Objects.hashCode(mNetworkSpecifier) * 17

                + (mSignalStrength * 19)

                + Objects.hashCode(mUids) * 23);

    }

    @Override

        dest.writeInt(mLinkDownBandwidthKbps);

        dest.writeParcelable((Parcelable) mNetworkSpecifier, flags);

        dest.writeInt(mSignalStrength);

        dest.writeArraySet(new ArraySet<>(mUids));

    }

    public static final Creator<NetworkCapabilities> CREATOR =

                netCap.mLinkDownBandwidthKbps = in.readInt();

                netCap.mNetworkSpecifier = in.readParcelable(null);

                netCap.mSignalStrength = in.readInt();

                netCap.mUids = (ArraySet<UidRange>) in.readArraySet(

                        null /* ClassLoader, null for default */);

                return netCap;

            }

            @Override

        String signalStrength = (hasSignalStrength() ? " SignalStrength: " + mSignalStrength : "");

        return "[" + transports + capabilities + upBand + dnBand + specifier + signalStrength + "]";

        String uids = (null != mUids ? " Uids: <" + mUids + ">" : "");

        String establishingAppUid = " EstablishingAppUid: " + mEstablishingVpnAppUid;

        return "[" + transports + capabilities + upBand + dnBand + specifier + signalStrength

            + uids + establishingAppUid + "]";

    }

    /** @hide */

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_ROAMING;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;

import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;

import static android.net.NetworkCapabilities.TRANSPORT_VPN;

import android.security.KeyStore;

import android.telephony.TelephonyManager;

import android.text.TextUtils;

import android.util.ArraySet;

import android.util.LocalLog;

import android.util.LocalLog.ReadOnlyLocalLog;

import android.util.Log;

import java.util.List;

import java.util.Map;

import java.util.Objects;

import java.util.Set;

import java.util.SortedSet;

import java.util.TreeSet;

        mSystemProperties = getSystemProperties();

        mMetricsLog = logger;

        mDefaultRequest = createInternetRequestForTransport(-1, NetworkRequest.Type.REQUEST);

        mDefaultRequest = createDefaultInternetRequestForTransport(-1, NetworkRequest.Type.REQUEST);

        NetworkRequestInfo defaultNRI = new NetworkRequestInfo(null, mDefaultRequest, new Binder());

        mNetworkRequests.put(mDefaultRequest, defaultNRI);

        mNetworkRequestInfoLogs.log("REGISTER " + defaultNRI);

        mDefaultMobileDataRequest = createInternetRequestForTransport(

        mDefaultMobileDataRequest = createDefaultInternetRequestForTransport(

                NetworkCapabilities.TRANSPORT_CELLULAR, NetworkRequest.Type.BACKGROUND_REQUEST);

        mHandlerThread = new HandlerThread("ConnectivityServiceThread");

                deps);

    }

    private NetworkRequest createInternetRequestForTransport(

    private NetworkRequest createDefaultInternetRequestForTransport(

            int transportType, NetworkRequest.Type type) {

        NetworkCapabilities netCap = new NetworkCapabilities();

        netCap.addCapability(NET_CAPABILITY_INTERNET);

                        for (Network network : networks) {

                            nai = getNetworkAgentInfoForNetwork(network);

                            nc = getNetworkCapabilitiesInternal(nai);

                            // nc is a copy of the capabilities in nai, so it's fine to mutate it

                            // TODO : don't remove the UIDs when communicating with processes

                            // that have the NETWORK_SETTINGS permission.

                            if (nc != null) {

                                nc.setSingleUid(userId);

                                result.put(network, nc);

                            }

                        }

                    if (score != null) updateNetworkScore(nai, score.intValue());

                    break;

                }

                case NetworkAgent.EVENT_UID_RANGES_ADDED: {

                    try {

                        mNetd.addVpnUidRanges(nai.network.netId, (UidRange[])msg.obj);

                    } catch (Exception e) {

                        // Never crash!

                        loge("Exception in addVpnUidRanges: " + e);

                    }

                    break;

                }

                case NetworkAgent.EVENT_UID_RANGES_REMOVED: {

                    try {

                        mNetd.removeVpnUidRanges(nai.network.netId, (UidRange[])msg.obj);

                    } catch (Exception e) {

                        // Never crash!

                        loge("Exception in removeVpnUidRanges: " + e);

                    }

                    break;

                }

                case NetworkAgent.EVENT_SET_EXPLICITLY_SELECTED: {

                    if (nai.everConnected && !nai.networkMisc.explicitlySelected) {

                        loge("ERROR: already-connected network explicitly selected.");

        // the system default network.

        if (type == NetworkRequest.Type.TRACK_DEFAULT) {

            networkCapabilities = new NetworkCapabilities(mDefaultRequest.networkCapabilities);

            networkCapabilities.removeCapability(NET_CAPABILITY_NOT_VPN);

            enforceAccessPermission();

        } else {

            networkCapabilities = new NetworkCapabilities(networkCapabilities);

            enforceMeteredApnPolicy(networkCapabilities);

        }

        ensureRequestableCapabilities(networkCapabilities);

        // Set the UID range for this request to the single UID of the requester.

        // This will overwrite any allowed UIDs in the requested capabilities. Though there

        // are no visible methods to set the UIDs, an app could use reflection to try and get

        // networks for other apps so it's essential that the UIDs are overwritten.

        // TODO : don't forcefully set the UID when communicating with processes

        // that have the NETWORK_SETTINGS permission.

        networkCapabilities.setSingleUid(Binder.getCallingUid());

        if (timeoutMs < 0) {

            throw new IllegalArgumentException("Bad timeout specified");

        enforceMeteredApnPolicy(networkCapabilities);

        ensureRequestableCapabilities(networkCapabilities);

        ensureValidNetworkSpecifier(networkCapabilities);

        // TODO : don't forcefully set the UID when communicating with processes

        // that have the NETWORK_SETTINGS permission.

        networkCapabilities.setSingleUid(Binder.getCallingUid());

        NetworkRequest networkRequest = new NetworkRequest(networkCapabilities, TYPE_NONE,

                nextNetworkRequestId(), NetworkRequest.Type.REQUEST);

        }

        NetworkCapabilities nc = new NetworkCapabilities(networkCapabilities);

        // TODO : don't forcefully set the UIDs when communicating with processes

        // that have the NETWORK_SETTINGS permission.

        nc.setSingleUid(Binder.getCallingUid());

        if (!ConnectivityManager.checkChangePermission(mContext)) {

            // Apps without the CHANGE_NETWORK_STATE permission can't use background networks, so

            // make all their listens include NET_CAPABILITY_FOREGROUND. That way, they will get

        }

        ensureValidNetworkSpecifier(networkCapabilities);

        NetworkRequest networkRequest = new NetworkRequest(

                new NetworkCapabilities(networkCapabilities), TYPE_NONE, nextNetworkRequestId(),

        final NetworkCapabilities nc = new NetworkCapabilities(networkCapabilities);

        // TODO : don't forcefully set the UIDs when communicating with processes

        // that have the NETWORK_SETTINGS permission.

        nc.setSingleUid(Binder.getCallingUid());

        NetworkRequest networkRequest = new NetworkRequest(nc, TYPE_NONE, nextNetworkRequestId(),

                NetworkRequest.Type.LISTEN);

        NetworkRequestInfo nri = new NetworkRequestInfo(networkRequest, operation);

        if (VDBG) log("pendingListenForNetwork for " + nri);

        NetworkInfo networkInfo = na.networkInfo;

        na.networkInfo = null;

        updateNetworkInfo(na, networkInfo);

        updateUids(na, null, na.networkCapabilities);

    }

    private void updateLinkProperties(NetworkAgentInfo networkAgent, LinkProperties oldLp) {

            nai.networkCapabilities = newNc;

        }

        updateUids(nai, prevNc, newNc);

        if (nai.getCurrentScore() == oldScore && newNc.equalRequestableCapabilities(prevNc)) {

            // If the requestable capabilities haven't changed, and the score hasn't changed, then

            // the change we're processing can't affect any requests, it can only affect the listens

        }

    }

    private void updateUids(NetworkAgentInfo nai, NetworkCapabilities prevNc,

            NetworkCapabilities newNc) {

        Set<UidRange> prevRanges = null == prevNc ? null : prevNc.getUids();

        Set<UidRange> newRanges = null == newNc ? null : newNc.getUids();

        if (null == prevRanges) prevRanges = new ArraySet<>();

        if (null == newRanges) newRanges = new ArraySet<>();

        final Set<UidRange> prevRangesCopy = new ArraySet<>(prevRanges);

        prevRanges.removeAll(newRanges);

        newRanges.removeAll(prevRangesCopy);

        try {

            if (!newRanges.isEmpty()) {

                final UidRange[] addedRangesArray = new UidRange[newRanges.size()];

                newRanges.toArray(addedRangesArray);

                mNetd.addVpnUidRanges(nai.network.netId, addedRangesArray);

            }

            if (!prevRanges.isEmpty()) {

                final UidRange[] removedRangesArray = new UidRange[prevRanges.size()];

                prevRanges.toArray(removedRangesArray);

                mNetd.removeVpnUidRanges(nai.network.netId, removedRangesArray);

            }

        } catch (Exception e) {

            // Never crash!

            loge("Exception in updateUids: " + e);

        }

    }

    public void handleUpdateLinkProperties(NetworkAgentInfo nai, LinkProperties newLp) {

        if (mNetworkForNetId.get(nai.network.netId) != nai) {

            // Ignore updates for disconnected networks

                break;

            }

            case ConnectivityManager.CALLBACK_CAP_CHANGED: {

                putParcelable(bundle, new NetworkCapabilities(networkAgent.networkCapabilities));

                final NetworkCapabilities nc =

                        new NetworkCapabilities(networkAgent.networkCapabilities);

                // TODO : don't remove the UIDs when communicating with processes

                // that have the NETWORK_SETTINGS permission.

                nc.setSingleUid(nri.mUid);

                putParcelable(bundle, nc);

                break;

            }

            case ConnectivityManager.CALLBACK_IP_CHANGED: {

                        }

                    }

                }

                updateUids(networkAgent, networkAgent.networkCapabilities, null);

            }

        } else if ((oldInfo != null && oldInfo.getState() == NetworkInfo.State.SUSPENDED) ||

                state == NetworkInfo.State.SUSPENDED) {