Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2fbc846e authored by Pavan Kumar M's avatar Pavan Kumar M
Browse files

Validate OEM_PAID networks 

- Validation is required for private DNS in strict mode. Validate
  internet networks with OEM_PAID capability as well.
- Disable sign-in notification on all restricted networks, not
  just OEM_PAID restricted networks. This includes, for example,
  carrier wifi networks that back VCN networks.
- Update unit tests.
- Fix some lint errors.

Test: Builds, Boots
Test: atest NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Bug: 187156341
Bug: 181281776
Change-Id: I4def3a0fc49a9995a4556ec580fc730baf826a1b
parent d8c1cba4

common/moduleutils/src/android/net/shared/NetworkMonitorUtils.java

+3 −1
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package android.net.shared; 
import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;

import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;

import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;

import static android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH;

import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
@@ -61,7 +62,8 @@ public class NetworkMonitorUtils { 


        // TODO: Consider requiring validation for DUN networks.

        if (nc.hasCapability(NET_CAPABILITY_INTERNET)

                && nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)

                && (nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)

                        || nc.hasCapability(NET_CAPABILITY_OEM_PAID))

                && nc.hasCapability(NET_CAPABILITY_TRUSTED)) {

            // Real networks

            return true;

src/com/android/server/connectivity/NetworkMonitor.java

+9 −0
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ import static android.net.INetworkMonitor.NETWORK_VALIDATION_PROBE_PRIVDNS; 
import static android.net.INetworkMonitor.NETWORK_VALIDATION_RESULT_PARTIAL;

import static android.net.INetworkMonitor.NETWORK_VALIDATION_RESULT_VALID;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;

import static android.net.captiveportal.CaptivePortalProbeSpec.parseCaptivePortalProbeSpecs;

import static android.net.metrics.ValidationProbeEvent.DNS_FAILURE;

import static android.net.metrics.ValidationProbeEvent.DNS_SUCCESS;
@@ -671,6 +672,7 @@ public class NetworkMonitor extends StateMachine { 
                (Pair<LinkProperties, NetworkCapabilities>) connectedMsg.obj;

        mLinkProperties = attrs.first;

        mNetworkCapabilities = attrs.second;

        suppressNotificationIfNetworkRestricted();

    }



    /**
@@ -735,6 +737,12 @@ public class NetworkMonitor extends StateMachine { 
        return NetworkMonitorUtils.isPrivateDnsValidationRequired(mNetworkCapabilities);

    }



    private void suppressNotificationIfNetworkRestricted() {

        if (!mNetworkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) {

            mDontDisplaySigninNotification = true;

        }

    }



    private void notifyNetworkTested(NetworkTestResultParcelable result) {

        try {

            if (mCallbackVersion <= 5) {
@@ -984,6 +992,7 @@ public class NetworkMonitor extends StateMachine { 
                    break;

                case EVENT_NETWORK_CAPABILITIES_CHANGED:

                    mNetworkCapabilities = (NetworkCapabilities) message.obj;

                    suppressNotificationIfNetworkRestricted();

                    break;

                default:

                    break;

tests/unit/src/com/android/server/connectivity/NetworkMonitorTest.java

+65 −0
Original line number Diff line number Diff line
@@ -28,6 +28,8 @@ import static android.net.INetworkMonitor.NETWORK_VALIDATION_RESULT_PARTIAL; 
import static android.net.INetworkMonitor.NETWORK_VALIDATION_RESULT_VALID;

import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;

import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;

import static android.net.NetworkCapabilities.TRANSPORT_VPN;

import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
@@ -316,6 +318,14 @@ public class NetworkMonitorTest { 
    private static final NetworkCapabilities CELL_NO_INTERNET_CAPABILITIES =

            new NetworkCapabilities().addTransportType(NetworkCapabilities.TRANSPORT_CELLULAR);



    private static final NetworkCapabilities WIFI_OEM_PAID_CAPABILITIES =

            new NetworkCapabilities()

                .addTransportType(NetworkCapabilities.TRANSPORT_WIFI)

                .addCapability(NET_CAPABILITY_INTERNET)

                .addCapability(NET_CAPABILITY_NOT_METERED)

                .addCapability(NET_CAPABILITY_OEM_PAID)

                .removeCapability(NET_CAPABILITY_NOT_RESTRICTED);



    /**

     * Fakes DNS responses.

     *
@@ -2633,6 +2643,61 @@ public class NetworkMonitorTest { 
                        ConnectivityManager.EXTRA_NETWORK)).netId));

    }



    @Test

    public void testOemPaidNetworkValidated() throws Exception {

        setValidProbes();



        final NetworkMonitor nm = runNetworkTest(TEST_LINK_PROPERTIES,

                WIFI_OEM_PAID_CAPABILITIES,

                NETWORK_VALIDATION_RESULT_VALID,

                NETWORK_VALIDATION_PROBE_DNS | NETWORK_VALIDATION_PROBE_HTTPS,

                null /* redirectUrl */);

        assertEquals(NETWORK_VALIDATION_RESULT_VALID,

                nm.getEvaluationState().getEvaluationResult());

    }



    @Test

    public void testOemPaidNetwork_AllProbesFailed() throws Exception {

        setSslException(mHttpsConnection);

        setStatus(mHttpConnection, 500);

        setStatus(mFallbackConnection, 404);



        runNetworkTest(TEST_LINK_PROPERTIES,

                WIFI_OEM_PAID_CAPABILITIES,

                VALIDATION_RESULT_INVALID, 0 /* probesSucceeded */, null /* redirectUrl */);

    }



    @Test

    public void testOemPaidNetworkNoInternetCapabilityValidated() throws Exception {

        setSslException(mHttpsConnection);

        setStatus(mHttpConnection, 500);

        setStatus(mFallbackConnection, 404);



        final NetworkCapabilities networkCapabilities =

                new NetworkCapabilities(WIFI_OEM_PAID_CAPABILITIES);

        networkCapabilities.removeCapability(NET_CAPABILITY_INTERNET);

        runNetworkTest(TEST_LINK_PROPERTIES, networkCapabilities,

                NETWORK_VALIDATION_RESULT_VALID, 0 /* probesSucceeded */, null /* redirectUrl */);



        verify(mCleartextDnsNetwork, never()).openConnection(any());

        verify(mHttpsConnection, never()).getResponseCode();

        verify(mHttpConnection, never()).getResponseCode();

        verify(mFallbackConnection, never()).getResponseCode();

    }



    @Test

    public void testOemPaidNetwork_CaptivePortalNotLaunched() throws Exception {

        setSslException(mHttpsConnection);

        setStatus(mFallbackConnection, 404);

        setPortal302(mHttpConnection);



        runNetworkTest(TEST_LINK_PROPERTIES, WIFI_OEM_PAID_CAPABILITIES,

                VALIDATION_RESULT_PORTAL, 0 /* probesSucceeded */,

                TEST_LOGIN_URL);



        verify(mCallbacks, never()).showProvisioningNotification(any(), any());

    }



    private void setupResourceForMultipleProbes() {

        // Configure the resource to send multiple probe.

        when(mResources.getStringArray(R.array.config_captive_portal_https_urls))