diff --git a/framework/src/android/net/NetworkCapabilities.java b/framework/src/android/net/NetworkCapabilities.java index 324f5652ba..cd2daf0f7f 100644 --- a/framework/src/android/net/NetworkCapabilities.java +++ b/framework/src/android/net/NetworkCapabilities.java @@ -757,10 +757,10 @@ public final class NetworkCapabilities implements Parcelable { NET_CAPABILITY_PARTIAL_CONNECTIVITY); /** - * Capabilities that are allowed for test networks. This list must be set so that it is safe - * for an unprivileged user to create a network with these capabilities via shell. As such, - * it must never contain capabilities that are generally useful to the system, such as - * INTERNET, IMS, SUPL, etc. + * Capabilities that are allowed for all test networks. This list must be set so that it is safe + * for an unprivileged user to create a network with these capabilities via shell. As such, it + * must never contain capabilities that are generally useful to the system, such as INTERNET, + * IMS, SUPL, etc. */ private static final long TEST_NETWORKS_ALLOWED_CAPABILITIES = BitUtils.packBitList( @@ -773,6 +773,14 @@ public final class NetworkCapabilities implements Parcelable { NET_CAPABILITY_NOT_SUSPENDED, NET_CAPABILITY_NOT_VCN_MANAGED); + /** + * Extra allowed capabilities for test networks that do not have TRANSPORT_CELLULAR. Test + * networks with TRANSPORT_CELLULAR must not have those capabilities in order to mitigate + * the risk of being used by running apps. + */ + private static final long TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL = + BitUtils.packBitList(NET_CAPABILITY_CBS, NET_CAPABILITY_DUN, NET_CAPABILITY_RCS); + /** * Adds the given capability to this {@code NetworkCapability} instance. * Note that when searching for a network to satisfy a request, all capabilities 
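Review bot: The Javadoc on `TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL` (second hunk on this line) does not restate the safety invariant spelled out on `TEST_NETWORKS_ALLOWED_CAPABILITIES` just above it, namely that the list must be safe for an unprivileged user to request via shell. CBS, DUN and RCS look like capabilities the earlier comment would class as "generally useful to the system", so the reason they are acceptable without TRANSPORT_CELLULAR should be written down for whoever extends the list next. I would add a sentence such as `Like TEST_NETWORKS_ALLOWED_CAPABILITIES, this list must remain safe for an unprivileged shell user to request on a non-cellular test network.` If the rationale is that requests for these capabilities normally also ask for cellular, the comment should say so; that rationale is my inference, not something the hunk shows.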
@@ -1133,7 +1141,13 @@ public final class NetworkCapabilities implements Parcelable { // If the test network is restricted, then it may declare any transport. mTransportTypes = (originalTransportTypes | (1 << TRANSPORT_TEST)); } + mNetworkCapabilities = originalCapabilities & TEST_NETWORKS_ALLOWED_CAPABILITIES; + if (!hasTransport(TRANSPORT_CELLULAR)) { + mNetworkCapabilities |= + (originalCapabilities & TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL); + } + mNetworkSpecifier = originalSpecifier; mSignalStrength = originalSignalStrength; mTransportInfo = originalTransportInfo; diff --git a/tests/common/java/android/net/NetworkCapabilitiesTest.java b/tests/common/java/android/net/NetworkCapabilitiesTest.java index 7b374d2384..06af3c0d0f 100644 --- a/tests/common/java/android/net/NetworkCapabilitiesTest.java +++ b/tests/common/java/android/net/NetworkCapabilitiesTest.java @@ -21,6 +21,7 @@ import static android.net.NetworkCapabilities.MAX_TRANSPORT; import static android.net.NetworkCapabilities.MIN_TRANSPORT; import static android.net.NetworkCapabilities.NET_CAPABILITY_CAPTIVE_PORTAL; import static android.net.NetworkCapabilities.NET_CAPABILITY_CBS; +import static android.net.NetworkCapabilities.NET_CAPABILITY_DUN; import static android.net.NetworkCapabilities.NET_CAPABILITY_EIMS; import static android.net.NetworkCapabilities.NET_CAPABILITY_ENTERPRISE; import static android.net.NetworkCapabilities.NET_CAPABILITY_FOREGROUND; 
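Review bot: The new `!hasTransport(TRANSPORT_CELLULAR)` check (first hunk on this line) runs after `mTransportTypes` has been reassigned, so it presumably tests the filtered transports rather than `originalTransportTypes`, and nothing in the code says this ordering is deliberate. Moving the block above the transport assignment would silently change which test networks keep CBS, DUN and RCS. A comment such as `// Checked against the filtered mTransportTypes set above; keep this after the transport assignment.` would pin that down. The enclosing method starts and ends outside the hunk, so the unrestricted branch that decides the final transports is not visible here.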
@@ -36,6 +37,7 @@ import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PRIVATE; import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY; import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_BANDWIDTH; import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_LATENCY; +import static android.net.NetworkCapabilities.NET_CAPABILITY_RCS; import static android.net.NetworkCapabilities.NET_CAPABILITY_SUPL; import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED; import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED; @@ -113,6 +115,9 @@ public class NetworkCapabilitiesTest { private static final int TEST_SUBID2 = 2; private static final int TEST_SUBID3 = 3; + private static final Set TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL = + Set.of(NET_CAPABILITY_CBS, NET_CAPABILITY_DUN, NET_CAPABILITY_RCS); + @Rule public DevSdkIgnoreRule mDevSdkIgnoreRule = new DevSdkIgnoreRule(); 
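Review bot: `TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL` (second hunk on this line) is shown as a raw `Set`, but the `for (int cap : ...)` loops added later in this file need `Set<Integer>` to compile. The type argument was probably lost when the page was rendered; if it really is raw, declare it as `Set<Integer>`. The constant also duplicates a private production list with nothing tying the two together. I would add `// Mirrors NetworkCapabilities.TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL, which is private; keep in sync.` above it.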
@@ -1321,16 +1326,31 @@ public class NetworkCapabilitiesTest { } @Test - public void testRestrictCapabilitiesForTestNetworkByNotOwnerWithRestrictedNc() { - testRestrictCapabilitiesForTestNetworkWithRestrictedNc(false /* isOwner */); + public void testRestrictCapabilitiesForTestNetworkRestrictedNc_NotOwner_NotCell() { + testRestrictCapabilitiesForTestNetworkWithRestrictedNc( + false /* isOwner */, false /* isCell */); } @Test - public void testRestrictCapabilitiesForTestNetworkByOwnerWithRestrictedNc() { - testRestrictCapabilitiesForTestNetworkWithRestrictedNc(true /* isOwner */); + public void testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_NotCell() { + testRestrictCapabilitiesForTestNetworkWithRestrictedNc( + true /* isOwner */, false /* isCell */); } - private void testRestrictCapabilitiesForTestNetworkWithRestrictedNc(boolean isOwner) { + @Test + public void testRestrictCapabilitiesForTestNetworkRestrictedNc_NotOwner_Cell() { + testRestrictCapabilitiesForTestNetworkWithRestrictedNc( + false /* isOwner */, true /* isCell */); + } + + @Test + public void testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_Cell() { + testRestrictCapabilitiesForTestNetworkWithRestrictedNc( + true /* isOwner */, false /* isCell */); + } + + private void testRestrictCapabilitiesForTestNetworkWithRestrictedNc( + boolean isOwner, boolean isCell) { final int ownerUid = 1234; final int signalStrength = -80; final int[] administratorUids = {1001, ownerUid}; 
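Review bot: `testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_Cell` passes `false /* isCell */`, so it repeats the Owner_NotCell case and the owner-plus-cellular combination is never exercised. That is the path where CBS, DUN and RCS must be stripped for a creator who is also the owner, so as written the cellular restriction is only verified for the non-owner. The call should read `true /* isOwner */, true /* isCell */);`.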
@@ -1339,29 +1359,47 @@ public class NetworkCapabilitiesTest { // the networkCapabilities will contain more than one transport type. However, // networkCapabilities must have a single transport specified to use NetworkSpecifier. Thus, // do not verify this part since it's verified in other tests. - final NetworkCapabilities restrictedNc = new NetworkCapabilities.Builder() + final NetworkCapabilities.Builder restrictedNcBuilder = new NetworkCapabilities.Builder() .removeCapability(NET_CAPABILITY_NOT_RESTRICTED) - .addTransportType(TRANSPORT_CELLULAR) .addCapability(NET_CAPABILITY_MMS) .addCapability(NET_CAPABILITY_NOT_METERED) .setAdministratorUids(administratorUids) .setOwnerUid(ownerUid) .setSignalStrength(signalStrength) .setTransportInfo(transportInfo) - .setSubscriptionIds(Set.of(TEST_SUBID1)).build(); + .setSubscriptionIds(Set.of(TEST_SUBID1)); + for (int cap : TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL) { + restrictedNcBuilder.addCapability(cap); + } + + if (isCell) { + restrictedNcBuilder.addTransportType(TRANSPORT_CELLULAR); + } + final NetworkCapabilities restrictedNc = restrictedNcBuilder.build(); + final int creatorUid = isOwner ? ownerUid : INVALID_UID; restrictedNc.restrictCapabilitiesForTestNetwork(creatorUid); final NetworkCapabilities.Builder expectedNcBuilder = new NetworkCapabilities.Builder() .removeCapability(NET_CAPABILITY_NOT_RESTRICTED); - // If the test network is restricted, then the network may declare any transport, and - // appended with TRANSPORT_TEST. - expectedNcBuilder.addTransportType(TRANSPORT_CELLULAR); + + if (isCell) { + // If the test network is restricted, then the network may declare any transport, and + // appended with TRANSPORT_TEST. + expectedNcBuilder.addTransportType(TRANSPORT_CELLULAR); + } expectedNcBuilder.addTransportType(TRANSPORT_TEST); + // Only TEST_NETWORKS_ALLOWED_CAPABILITIES will be kept. 
expectedNcBuilder.addCapability(NET_CAPABILITY_NOT_METERED); expectedNcBuilder.removeCapability(NET_CAPABILITY_TRUSTED); + if (!isCell) { + for (int cap : TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL) { + expectedNcBuilder.addCapability(cap); + } + } + expectedNcBuilder.setSignalStrength(signalStrength).setTransportInfo(transportInfo); if (creatorUid == ownerUid) { // Only retain the owner and administrator UIDs if they match the app registering the
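Review bot: The context comment `// Only TEST_NETWORKS_ALLOWED_CAPABILITIES will be kept.` is no longer accurate, because the `if (!isCell)` block added just below it also expects CBS, DUN and RCS to survive on non-cellular networks. I would change it to `// Only TEST_NETWORKS_ALLOWED_CAPABILITIES are kept, plus the extra non-cell capabilities when there is no TRANSPORT_CELLULAR.` Similarly, the comment moved inside `if (isCell)` still mentions appending TRANSPORT_TEST, which now happens outside that block. The helper's body continues past the end of the hunk, so the final assertion is not visible here.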