Have NetworkMonitor validate VPNs that request it. (be80b30c) · Commits · e / os / android_packages_modules_NetworkStack

common/moduleutils/src/android/net/shared/NetworkMonitorUtils.java

+10 −5

Original line number	Original line	Diff line number	Diff line
	@@ -26,9 +26,11 @@ import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
	import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;		import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
	import static android.net.NetworkCapabilities.TRANSPORT_WIFI;		import static android.net.NetworkCapabilities.TRANSPORT_WIFI;

			import android.annotation.NonNull;
	import android.net.NetworkCapabilities;		import android.net.NetworkCapabilities;

	import com.android.modules.utils.build.SdkLevel;		import com.android.modules.utils.build.SdkLevel;
			import com.android.networkstack.apishim.common.NetworkAgentConfigShim;

	/** @hide */		/** @hide */
	public class NetworkMonitorUtils {		public class NetworkMonitorUtils {
	@@ -67,9 +69,7 @@ public class NetworkMonitorUtils {
	* Return whether validation is required for private DNS in strict mode.		* Return whether validation is required for private DNS in strict mode.
	* @param nc Network capabilities of the network to test.		* @param nc Network capabilities of the network to test.
	*/		*/
	public static boolean isPrivateDnsValidationRequired(NetworkCapabilities nc) {		public static boolean isPrivateDnsValidationRequired(@NonNull final NetworkCapabilities nc) {
	if (nc == null) return false;

	final boolean isVcnManaged = SdkLevel.isAtLeastS()		final boolean isVcnManaged = SdkLevel.isAtLeastS()
	&& !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);		&& !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
	final boolean isOemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)		final boolean isOemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)
	@@ -100,10 +100,15 @@ public class NetworkMonitorUtils {

	/**		/**
	* Return whether validation is required for a network.		* Return whether validation is required for a network.
			* @param config Configuration of the network to test.
	* @param nc Network capabilities of the network to test.		* @param nc Network capabilities of the network to test.
	*/		*/
	public static boolean isValidationRequired(NetworkCapabilities nc) {		public static boolean isValidationRequired(@NonNull final NetworkAgentConfigShim config,
			@NonNull final NetworkCapabilities nc) {
	// TODO: Consider requiring validation for DUN networks.		// TODO: Consider requiring validation for DUN networks.
	return isPrivateDnsValidationRequired(nc) && nc.hasCapability(NET_CAPABILITY_NOT_VPN);		if (!nc.hasCapability(NET_CAPABILITY_NOT_VPN)) {
			return config.isVpnValidationRequired();
			}
			return isPrivateDnsValidationRequired(nc);
	}		}
	}		}

src/com/android/server/connectivity/NetworkMonitor.java

+10 −2

Original line number	Original line	Diff line number	Diff line
	@@ -164,9 +164,11 @@ import com.android.net.module.util.NetworkStackConstants;
	import com.android.networkstack.NetworkStackNotifier;		import com.android.networkstack.NetworkStackNotifier;
	import com.android.networkstack.R;		import com.android.networkstack.R;
	import com.android.networkstack.apishim.CaptivePortalDataShimImpl;		import com.android.networkstack.apishim.CaptivePortalDataShimImpl;
			import com.android.networkstack.apishim.NetworkAgentConfigShimImpl;
	import com.android.networkstack.apishim.NetworkInformationShimImpl;		import com.android.networkstack.apishim.NetworkInformationShimImpl;
	import com.android.networkstack.apishim.api29.ConstantsShim;		import com.android.networkstack.apishim.api29.ConstantsShim;
	import com.android.networkstack.apishim.common.CaptivePortalDataShim;		import com.android.networkstack.apishim.common.CaptivePortalDataShim;
			import com.android.networkstack.apishim.common.NetworkAgentConfigShim;
	import com.android.networkstack.apishim.common.NetworkInformationShim;		import com.android.networkstack.apishim.common.NetworkInformationShim;
	import com.android.networkstack.apishim.common.ShimUtils;		import com.android.networkstack.apishim.common.ShimUtils;
	import com.android.networkstack.apishim.common.UnsupportedApiLevelException;		import com.android.networkstack.apishim.common.UnsupportedApiLevelException;
	@@ -427,6 +429,7 @@ public class NetworkMonitor extends StateMachine {
	private final INetworkMonitorCallbacks mCallback;		private final INetworkMonitorCallbacks mCallback;
	private final int mCallbackVersion;		private final int mCallbackVersion;
	private final Network mCleartextDnsNetwork;		private final Network mCleartextDnsNetwork;
			@NonNull
	private final Network mNetwork;		private final Network mNetwork;
	private final TelephonyManager mTelephonyManager;		private final TelephonyManager mTelephonyManager;
	private final WifiManager mWifiManager;		private final WifiManager mWifiManager;
	@@ -460,7 +463,11 @@ public class NetworkMonitor extends StateMachine {
	private final int mEvaluatingBandwidthTimeoutMs;		private final int mEvaluatingBandwidthTimeoutMs;
	private final AtomicInteger mNextEvaluatingBandwidthThreadId = new AtomicInteger(1);		private final AtomicInteger mNextEvaluatingBandwidthThreadId = new AtomicInteger(1);

			@NonNull
			private NetworkAgentConfigShim mNetworkAgentConfig;
			@NonNull
	private NetworkCapabilities mNetworkCapabilities;		private NetworkCapabilities mNetworkCapabilities;
			@NonNull
	private LinkProperties mLinkProperties;		private LinkProperties mLinkProperties;

	@VisibleForTesting		@VisibleForTesting
	@@ -647,6 +654,7 @@ public class NetworkMonitor extends StateMachine {
	// even before notifyNetworkConnected.		// even before notifyNetworkConnected.
	mLinkProperties = new LinkProperties();		mLinkProperties = new LinkProperties();
	mNetworkCapabilities = new NetworkCapabilities(null);		mNetworkCapabilities = new NetworkCapabilities(null);
			mNetworkAgentConfig = NetworkAgentConfigShimImpl.newInstance(null);
	}		}

	/**		/**