Add and implement API for VpnManagers to request validation

This adds a new API that lets VPN apps using VpnManager request that the platform run its basic validation check on the resulting network. Bug: 184750836 Test: atest FrameworksNetTests Change-Id: I00092eee857d3e33529b19461cfd5dd060a0fe20
2022-01-27 17:08:41 +08:00
parent d262e71965
commit 865511a8c4
4 changed files with 88 additions and 8 deletions
--- a/framework/src/android/net/NetworkAgentConfig.java
+++ b/framework/src/android/net/NetworkAgentConfig.java
@@ -34,6 +34,8 @@ import java.util.Objects;
 */
@SystemApi
 public final class NetworkAgentConfig implements Parcelable {
+    // TODO : make this object immutable. The fields that should stay mutable should likely
+    // migrate to NetworkAgentInfo.

    /**
     * If the {@link Network} is a VPN, whether apps are allowed to bypass the
@@ -246,6 +248,27 @@ public final class NetworkAgentConfig implements Parcelable {
        return excludeLocalRouteVpn;
    }

+    /**
+     * Whether network validation should be performed for this VPN network.
+     * {@see #getVpnRequiresValidation}
+     * @hide
+     */
+    private boolean mVpnRequiresValidation = false;
+
+    /**
+     * Whether network validation should be performed for this VPN network.
+     *
+     * If this network isn't a VPN this should always be {@code false}, and will be ignored
+     * if set.
+     * If this network is a VPN, false means this network should always be considered validated;
+     * true means it follows the same validation semantics as general internet networks.
+     * @hide
+     */
+    @SystemApi(client = MODULE_LIBRARIES)
+    public boolean getVpnRequiresValidation() {
+        return mVpnRequiresValidation;
+    }
+
    /** @hide */
    public NetworkAgentConfig() {
    }
@@ -266,6 +289,7 @@ public final class NetworkAgentConfig implements Parcelable {
            legacySubTypeName = nac.legacySubTypeName;
            mLegacyExtraInfo = nac.mLegacyExtraInfo;
            excludeLocalRouteVpn = nac.excludeLocalRouteVpn;
+            mVpnRequiresValidation = nac.mVpnRequiresValidation;
        }
    }

@@ -408,6 +432,25 @@ public final class NetworkAgentConfig implements Parcelable {
            return this;
        }

+        /**
+         * Sets whether network validation should be performed for this VPN network.
+         *
+         * Only agents registering a VPN network should use this setter. On other network
+         * types it will be ignored.
+         * False means this network should always be considered validated;
+         * true means it follows the same validation semantics as general internet.
+         *
+         * @param vpnRequiresValidation whether this VPN requires validation.
+         *                              Default is {@code false}.
+         * @hide
+         */
+        @NonNull
+        @SystemApi(client = MODULE_LIBRARIES)
+        public Builder setVpnRequiresValidation(boolean vpnRequiresValidation) {
+            mConfig.mVpnRequiresValidation = vpnRequiresValidation;
+            return this;
+        }
+
        /**
         * Sets whether the apps can bypass the VPN connection.
         *
@@ -458,14 +501,16 @@ public final class NetworkAgentConfig implements Parcelable {
                && Objects.equals(subscriberId, that.subscriberId)
                && Objects.equals(legacyTypeName, that.legacyTypeName)
                && Objects.equals(mLegacyExtraInfo, that.mLegacyExtraInfo)
-                && excludeLocalRouteVpn == that.excludeLocalRouteVpn;
+                && excludeLocalRouteVpn == that.excludeLocalRouteVpn
+                && mVpnRequiresValidation == that.mVpnRequiresValidation;
    }

    @Override
    public int hashCode() {
        return Objects.hash(allowBypass, explicitlySelected, acceptUnvalidated,
                acceptPartialConnectivity, provisioningNotificationDisabled, subscriberId,
-                skip464xlat, legacyType, legacyTypeName, mLegacyExtraInfo, excludeLocalRouteVpn);
+                skip464xlat, legacyType, legacyTypeName, mLegacyExtraInfo, excludeLocalRouteVpn,
+                mVpnRequiresValidation);
    }

    @Override
@@ -483,6 +528,7 @@ public final class NetworkAgentConfig implements Parcelable {
                + ", legacyTypeName = '" + legacyTypeName + '\''
                + ", legacyExtraInfo = '" + mLegacyExtraInfo + '\''
                + ", excludeLocalRouteVpn = '" + excludeLocalRouteVpn + '\''
+                + ", vpnRequiresValidation = '" + mVpnRequiresValidation + '\''
                + "}";
    }

@@ -506,6 +552,7 @@ public final class NetworkAgentConfig implements Parcelable {
        out.writeString(legacySubTypeName);
        out.writeString(mLegacyExtraInfo);
        out.writeInt(excludeLocalRouteVpn ? 1 : 0);
+        out.writeInt(mVpnRequiresValidation ? 1 : 0);
    }

    public static final @NonNull Creator<NetworkAgentConfig> CREATOR =
@@ -526,6 +573,7 @@ public final class NetworkAgentConfig implements Parcelable {
            networkAgentConfig.legacySubTypeName = in.readString();
            networkAgentConfig.mLegacyExtraInfo = in.readString();
            networkAgentConfig.excludeLocalRouteVpn = in.readInt() != 0;
+            networkAgentConfig.mVpnRequiresValidation = in.readInt() != 0;
            return networkAgentConfig;
        }