Merge "Add SDK check to check NOT_VCN_MANAGED"

    libs: ["unsupportedappusage"],

    static_libs: [

        "androidx.annotation_annotation",

        "modules-utils-build_system",

        "netd_aidl_interface-lateststable-java",

        "netlink-client",

        "networkstack-client",

    default_applicable_licenses: ["Android-Apache-2.0"],

}

// TODO: remove this filegroup together with services.net

filegroup {

    name: "net-module-utils-srcs",

    srcs: [

        "src/android/net/util/SharedLog.java",

        "src/android/net/shared/NetdUtils.java",

        "src/android/net/shared/NetworkMonitorUtils.java",

        "src/android/net/shared/RouteUtils.java",

        "src/android/net/util/InterfaceParams.java",

        "src/android/net/util/SharedLog.java",

    ],

    visibility: [

        "//frameworks/base/services/net",

        "//frameworks/base/packages/Connectivity/service",

    ]

}

filegroup {

    name: "connectivity-module-utils-srcs",

    srcs: [

        "src/android/net/util/SharedLog.java",

        "src/android/net/shared/NetdUtils.java",

        "src/android/net/shared/NetworkMonitorUtils.java",

        "src/android/net/shared/RouteUtils.java",

    ],

    visibility: [

        "//packages/modules/Connectivity/service",

    ]

}

import android.net.NetworkCapabilities;

import com.android.modules.utils.build.SdkLevel;

/** @hide */

public class NetworkMonitorUtils {

    // This class is used by both NetworkMonitor and ConnectivityService, so it cannot use

    public static boolean isPrivateDnsValidationRequired(NetworkCapabilities nc) {

        if (nc == null) return false;

        final boolean isVcnManaged = !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        final boolean isVcnManaged = SdkLevel.isAtLeastS()

                && !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        final boolean isOemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)

                && nc.hasCapability(NET_CAPABILITY_TRUSTED);

        final boolean isDefaultCapable = nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)

import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED;

import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;

import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;

import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;

import static android.net.NetworkCapabilities.TRANSPORT_VPN;

import static android.net.NetworkCapabilities.TRANSPORT_WIFI;

import android.net.Uri;

import android.net.captiveportal.CaptivePortalProbeResult;

import android.net.metrics.IpConnectivityLog;

import android.net.shared.NetworkMonitorUtils;

import android.net.shared.PrivateDnsConfig;

import android.net.util.SharedLog;

import android.net.wifi.WifiInfo;

        runFailedNetworkTest();

    }

    @Test

    public void testNoInternetCapabilityValidated() throws Exception {

    private void doValidationSkippedTest(NetworkCapabilities nc) throws Exception {

        // For S+, the RESULT_SKIPPED bit will be included on networks that both do not require

        // validation and for which validation is not performed.

        final int validationResult = ShimUtils.isAtLeastS()

                ? NETWORK_VALIDATION_RESULT_VALID | NETWORK_VALIDATION_RESULT_SKIPPED

                : NETWORK_VALIDATION_RESULT_VALID;

        runNetworkTest(TEST_LINK_PROPERTIES, CELL_NO_INTERNET_CAPABILITIES, validationResult,

        runNetworkTest(TEST_LINK_PROPERTIES, nc, validationResult,

                0 /* probesSucceeded */, null /* redirectUrl */);

        verify(mCleartextDnsNetwork, never()).openConnection(any());

    }

    @Test

    public void testNoInternetCapabilityValidated() throws Exception {

        doValidationSkippedTest(CELL_NO_INTERNET_CAPABILITIES);

    }

    @Test

    public void testNoTrustedCapabilityValidated() throws Exception {

        final NetworkCapabilities.Builder nc = new NetworkCapabilities.Builder()

                .addCapability(NET_CAPABILITY_INTERNET)

                .removeCapability(NET_CAPABILITY_TRUSTED)

                .addTransportType(TRANSPORT_CELLULAR);

        if (ShimUtils.isAtLeastS()) {

            nc.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        }

        doValidationSkippedTest(nc.build());

    }

    @Test

    public void testRestrictedCapabilityValidated() throws Exception {

        final NetworkCapabilities.Builder nc = new NetworkCapabilities.Builder()

                .addCapability(NET_CAPABILITY_INTERNET)

                .removeCapability(NET_CAPABILITY_NOT_RESTRICTED)

                .addTransportType(TRANSPORT_CELLULAR);

        if (ShimUtils.isAtLeastS()) {

            nc.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);

        }

        doValidationSkippedTest(nc.build());

    }

    private NetworkCapabilities getVcnUnderlyingCarrierWifiCaps() {

        // Must be called from within the test because NOT_VCN_MANAGED is an invalid capability

        // value up to Android R. Thus, this must be guarded by an SDK check in tests that use this.

        return new NetworkCapabilities.Builder()

                .addTransportType(NetworkCapabilities.TRANSPORT_WIFI)

                .removeCapability(NetworkMonitorUtils.NET_CAPABILITY_NOT_VCN_MANAGED)

                .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED)

                .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED)

                .removeCapability(NetworkCapabilities.NET_CAPABILITY_TRUSTED)

                .addCapability(NET_CAPABILITY_INTERNET)