1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net.shared;
18 
19 import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
20 import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
21 import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;
22 import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PAID;
23 import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
24 import static android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH;
25 import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
26 import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
27 import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
28 
29 import android.net.NetworkCapabilities;
30 
31 /** @hide */
32 public class NetworkMonitorUtils {
33     // This class is used by both NetworkMonitor and ConnectivityService, so it cannot use
34     // NetworkStack shims, but at the same time cannot use non-system APIs.
35     // TRANSPORT_TEST is test API as of R (so it is enforced to always be 7 and can't be changed),
36     // and it is being added as a system API in S.
37     // TODO: use NetworkCapabilities.TRANSPORT_TEST once NetworkStack builds against API 31.
38     private static final int TRANSPORT_TEST = 7;
39 
40     // This class is used by both NetworkMonitor and ConnectivityService, so it cannot use
41     // NetworkStack shims, but at the same time cannot use non-system APIs.
42     // NET_CAPABILITY_NOT_VCN_MANAGED is system API as of S (so it is enforced to always be 28 and
43     // can't be changed).
44     // TODO: use NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED once NetworkStack builds against
45     //       API 31.
46     public static final int NET_CAPABILITY_NOT_VCN_MANAGED = 28;
47 
48     // Network conditions broadcast constants
49     public static final String ACTION_NETWORK_CONDITIONS_MEASURED =
50             "android.net.conn.NETWORK_CONDITIONS_MEASURED";
51     public static final String EXTRA_CONNECTIVITY_TYPE = "extra_connectivity_type";
52     public static final String EXTRA_NETWORK_TYPE = "extra_network_type";
53     public static final String EXTRA_RESPONSE_RECEIVED = "extra_response_received";
54     public static final String EXTRA_IS_CAPTIVE_PORTAL = "extra_is_captive_portal";
55     public static final String EXTRA_CELL_ID = "extra_cellid";
56     public static final String EXTRA_SSID = "extra_ssid";
57     public static final String EXTRA_BSSID = "extra_bssid";
58     /** real time since boot */
59     public static final String EXTRA_REQUEST_TIMESTAMP_MS = "extra_request_timestamp_ms";
60     public static final String EXTRA_RESPONSE_TIMESTAMP_MS = "extra_response_timestamp_ms";
61     public static final String PERMISSION_ACCESS_NETWORK_CONDITIONS =
62             "android.permission.ACCESS_NETWORK_CONDITIONS";
63 
64     /**
65      * Return whether validation is required for private DNS in strict mode.
66      * @param nc Network capabilities of the network to test.
67      */
isPrivateDnsValidationRequired(NetworkCapabilities nc)68     public static boolean isPrivateDnsValidationRequired(NetworkCapabilities nc) {
69         if (nc == null) return false;
70 
71         final boolean isVcnManaged = !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
72         final boolean isOemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)
73                 && nc.hasCapability(NET_CAPABILITY_TRUSTED);
74         final boolean isDefaultCapable = nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)
75                 && nc.hasCapability(NET_CAPABILITY_TRUSTED);
76 
77         // TODO: Consider requiring validation for DUN networks.
78         if (nc.hasCapability(NET_CAPABILITY_INTERNET)
79                 && (isVcnManaged || isOemPaid || isDefaultCapable)) {
80             return true;
81         }
82 
83         // TODO: once TRANSPORT_TEST is @SystemApi in S and S SDK is stable (so constant shims can
84         // be replaced with the SDK constant that will be inlined), replace isTestNetwork with
85         // hasTransport(TRANSPORT_TEST)
86 
87         // Test networks that also have one of the major transport types are attempting to replicate
88         // that transport on a test interface (for example, test ethernet networks with
89         // EthernetManager#setIncludeTestInterfaces). Run validation on them for realistic tests.
90         // See also comments on EthernetManager#setIncludeTestInterfaces and on TestNetworkManager.
91         if (nc.hasTransport(TRANSPORT_TEST) && nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) && (
92                 nc.hasTransport(TRANSPORT_WIFI)
93                 || nc.hasTransport(TRANSPORT_CELLULAR)
94                 || nc.hasTransport(TRANSPORT_BLUETOOTH)
95                 || nc.hasTransport(TRANSPORT_ETHERNET))) {
96             return true;
97         }
98 
99         return false;
100     }
101 
102     /**
103      * Return whether validation is required for a network.
104      * @param nc Network capabilities of the network to test.
105      */
isValidationRequired(NetworkCapabilities nc)106     public static boolean isValidationRequired(NetworkCapabilities nc) {
107         // TODO: Consider requiring validation for DUN networks.
108         return isPrivateDnsValidationRequired(nc) && nc.hasCapability(NET_CAPABILITY_NOT_VPN);
109     }
110 }
111