LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Give VPNs the INTERNET capability when they route most of the IP space" am: f477aedec5 am: 7506c131c1

Browse Source 
am: 941de3f74c

Change-Id: Ifd77149ca2c45249b8776c878c6fac46ae81c2a4
This commit is contained in:
Chalard Jean
2018-03-02 12:54:29 +00:00
committed by android-build-merger
parent 3f1d0bb1a3 941de3f74c
commit 562e154642
5 changed files with 350 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
tests/net/java/com/android/server/connectivity/VpnTest.java
View File

@@ -57,9 +57,13 @@ import android.content.pm.ServiceInfo;
import android.content.pm.UserInfo;
import android.content.res.Resources;
import android.net.ConnectivityManager;
import android.net.IConnectivityManager;
import android.net.IpPrefix;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkCapabilities;
import android.net.NetworkInfo.DetailedState;
import android.net.RouteInfo;
import android.net.UidRange;
import android.net.VpnService;
import android.os.Build.VERSION_CODES;
@@ -90,7 +94,8 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* Tests for {@link Vpn}.
@@ -563,4 +568,75 @@ public class VpnTest {
return networks.get(network);
}).when(mConnectivityManager).getNetworkCapabilities(any());
}
// Need multiple copies of this, but Java's Stream objects can't be reused or
// duplicated.
private Stream<String> publicIpV4Routes() {
return Stream.of(
"0.0.0.0/5", "8.0.0.0/7", "11.0.0.0/8", "12.0.0.0/6", "16.0.0.0/4",
"32.0.0.0/3", "64.0.0.0/2", "128.0.0.0/3", "160.0.0.0/5", "168.0.0.0/6",
"172.0.0.0/12", "172.32.0.0/11", "172.64.0.0/10", "172.128.0.0/9",
"173.0.0.0/8", "174.0.0.0/7", "176.0.0.0/4", "192.0.0.0/9", "192.128.0.0/11",
"192.160.0.0/13", "192.169.0.0/16", "192.170.0.0/15", "192.172.0.0/14",
"192.176.0.0/12", "192.192.0.0/10", "193.0.0.0/8", "194.0.0.0/7",
"196.0.0.0/6", "200.0.0.0/5", "208.0.0.0/4");
}
private Stream<String> publicIpV6Routes() {
return Stream.of(
"::/1", "8000::/2", "c000::/3", "e000::/4", "f000::/5", "f800::/6",
"fe00::/8", "2605:ef80:e:af1d::/64");
}
@Test
public void testProvidesRoutesToMostDestinations() {
final LinkProperties lp = new LinkProperties();
// Default route provides routes to all IPv4 destinations.
lp.addRoute(new RouteInfo(new IpPrefix("0.0.0.0/0")));
assertTrue(Vpn.providesRoutesToMostDestinations(lp));
// Empty LP provides routes to no destination
lp.clear();
assertFalse(Vpn.providesRoutesToMostDestinations(lp));
// All IPv4 routes except for local networks. This is the case most relevant
// to this function. It provides routes to almost the entire space.
// (clone the stream so that we can reuse it later)
publicIpV4Routes().forEach(s -> lp.addRoute(new RouteInfo(new IpPrefix(s))));
assertTrue(Vpn.providesRoutesToMostDestinations(lp));
// Removing a 16-bit prefix, which is 65536 addresses. This is still enough to
// provide routes to "most" destinations.
lp.removeRoute(new RouteInfo(new IpPrefix("192.169.0.0/16")));
assertTrue(Vpn.providesRoutesToMostDestinations(lp));
// Remove the /2 route, which represent a quarter of the available routing space.
// This LP does not provides routes to "most" destinations any more.
lp.removeRoute(new RouteInfo(new IpPrefix("64.0.0.0/2")));
assertFalse(Vpn.providesRoutesToMostDestinations(lp));
lp.clear();
publicIpV6Routes().forEach(s -> lp.addRoute(new RouteInfo(new IpPrefix(s))));
assertTrue(Vpn.providesRoutesToMostDestinations(lp));
lp.removeRoute(new RouteInfo(new IpPrefix("::/1")));
assertFalse(Vpn.providesRoutesToMostDestinations(lp));
// V6 does not provide sufficient coverage but v4 does
publicIpV4Routes().forEach(s -> lp.addRoute(new RouteInfo(new IpPrefix(s))));
assertTrue(Vpn.providesRoutesToMostDestinations(lp));
// V4 still does
lp.removeRoute(new RouteInfo(new IpPrefix("192.169.0.0/16")));
assertTrue(Vpn.providesRoutesToMostDestinations(lp));
// V4 does not any more
lp.removeRoute(new RouteInfo(new IpPrefix("64.0.0.0/2")));
assertFalse(Vpn.providesRoutesToMostDestinations(lp));
// V4 does not, but V6 has sufficient coverage again
lp.addRoute(new RouteInfo(new IpPrefix("::/1")));
assertTrue(Vpn.providesRoutesToMostDestinations(lp));
}
}