LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add allowed capabilities on non cellular test networks

Browse Source 
This commit expands the allowed capabilities of non cellular test
networks to include another three values, so that CTS can verify
features that do network selection based on those capabilities.

It is relatively safe becuase for apps that request TRANSPORT_CELLULAR
and the affected capabilities, test networks will still not become their
default networks.

Bug: 263415068
Test: atest NetworkCapabilitiesTest(new tests)
Change-Id: I2e348e4722ecdaa6e277fe77968916ffa2f16af9
This commit is contained in:
Yan Yan
2023-03-03 19:05:53 +00:00
parent 5b95954882
commit acd71e68a6
2 changed files with 67 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
framework/src/android/net/NetworkCapabilities.java
View File

@@ -757,10 +757,10 @@ public final class NetworkCapabilities implements Parcelable {
NET_CAPABILITY_PARTIAL_CONNECTIVITY);
/**
* Capabilities that are allowed for test networks. This list must be set so that it is safe
* for an unprivileged user to create a network with these capabilities via shell. As such,
* it must never contain capabilities that are generally useful to the system, such as
* INTERNET, IMS, SUPL, etc.
* Capabilities that are allowed for all test networks. This list must be set so that it is safe
* for an unprivileged user to create a network with these capabilities via shell. As such, it
* must never contain capabilities that are generally useful to the system, such as INTERNET,
* IMS, SUPL, etc.
*/
private static final long TEST_NETWORKS_ALLOWED_CAPABILITIES =
BitUtils.packBitList(
@@ -773,6 +773,14 @@ public final class NetworkCapabilities implements Parcelable {
NET_CAPABILITY_NOT_SUSPENDED,
NET_CAPABILITY_NOT_VCN_MANAGED);
/**
* Extra allowed capabilities for test networks that do not have TRANSPORT_CELLULAR. Test
* networks with TRANSPORT_CELLULAR must not have those capabilities in order to mitigate
* the risk of being used by running apps.
*/
private static final long TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL =
BitUtils.packBitList(NET_CAPABILITY_CBS, NET_CAPABILITY_DUN, NET_CAPABILITY_RCS);
/**
* Adds the given capability to this {@code NetworkCapability} instance.
* Note that when searching for a network to satisfy a request, all capabilities
@@ -1133,7 +1141,13 @@ public final class NetworkCapabilities implements Parcelable {
// If the test network is restricted, then it may declare any transport.
mTransportTypes = (originalTransportTypes | (1 << TRANSPORT_TEST));
}
mNetworkCapabilities = originalCapabilities & TEST_NETWORKS_ALLOWED_CAPABILITIES;
if (!hasTransport(TRANSPORT_CELLULAR)) {
mNetworkCapabilities |=
(originalCapabilities & TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL);
}
mNetworkSpecifier = originalSpecifier;
mSignalStrength = originalSignalStrength;
mTransportInfo = originalTransportInfo;

54
tests/common/java/android/net/NetworkCapabilitiesTest.java
View File

@@ -21,6 +21,7 @@ import static android.net.NetworkCapabilities.MAX_TRANSPORT;
import static android.net.NetworkCapabilities.MIN_TRANSPORT;
import static android.net.NetworkCapabilities.NET_CAPABILITY_CAPTIVE_PORTAL;
import static android.net.NetworkCapabilities.NET_CAPABILITY_CBS;
import static android.net.NetworkCapabilities.NET_CAPABILITY_DUN;
import static android.net.NetworkCapabilities.NET_CAPABILITY_EIMS;
import static android.net.NetworkCapabilities.NET_CAPABILITY_ENTERPRISE;
import static android.net.NetworkCapabilities.NET_CAPABILITY_FOREGROUND;
@@ -36,6 +37,7 @@ import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PRIVATE;
import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY;
import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_BANDWIDTH;
import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_LATENCY;
import static android.net.NetworkCapabilities.NET_CAPABILITY_RCS;
import static android.net.NetworkCapabilities.NET_CAPABILITY_SUPL;
import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;
@@ -113,6 +115,9 @@ public class NetworkCapabilitiesTest {
private static final int TEST_SUBID2 = 2;
private static final int TEST_SUBID3 = 3;
private static final Set<Integer> TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL =
Set.of(NET_CAPABILITY_CBS, NET_CAPABILITY_DUN, NET_CAPABILITY_RCS);
@Rule
public DevSdkIgnoreRule mDevSdkIgnoreRule = new DevSdkIgnoreRule();
@@ -1321,16 +1326,31 @@ public class NetworkCapabilitiesTest {
}
@Test
public void testRestrictCapabilitiesForTestNetworkByNotOwnerWithRestrictedNc() {
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(false /* isOwner */);
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_NotOwner_NotCell() {
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
false /* isOwner */, false /* isCell */);
}
@Test
public void testRestrictCapabilitiesForTestNetworkByOwnerWithRestrictedNc() {
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(true /* isOwner */);
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_NotCell() {
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
true /* isOwner */, false /* isCell */);
}
private void testRestrictCapabilitiesForTestNetworkWithRestrictedNc(boolean isOwner) {
@Test
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_NotOwner_Cell() {
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
false /* isOwner */, true /* isCell */);
}
@Test
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_Cell() {
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
true /* isOwner */, false /* isCell */);
}
private void testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
boolean isOwner, boolean isCell) {
final int ownerUid = 1234;
final int signalStrength = -80;
final int[] administratorUids = {1001, ownerUid};
@@ -1339,29 +1359,47 @@ public class NetworkCapabilitiesTest {
// the networkCapabilities will contain more than one transport type. However,
// networkCapabilities must have a single transport specified to use NetworkSpecifier. Thus,
// do not verify this part since it's verified in other tests.
final NetworkCapabilities restrictedNc = new NetworkCapabilities.Builder()
final NetworkCapabilities.Builder restrictedNcBuilder = new NetworkCapabilities.Builder()
.removeCapability(NET_CAPABILITY_NOT_RESTRICTED)
.addTransportType(TRANSPORT_CELLULAR)
.addCapability(NET_CAPABILITY_MMS)
.addCapability(NET_CAPABILITY_NOT_METERED)
.setAdministratorUids(administratorUids)
.setOwnerUid(ownerUid)
.setSignalStrength(signalStrength)
.setTransportInfo(transportInfo)
.setSubscriptionIds(Set.of(TEST_SUBID1)).build();
.setSubscriptionIds(Set.of(TEST_SUBID1));
for (int cap : TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL) {
restrictedNcBuilder.addCapability(cap);
}
if (isCell) {
restrictedNcBuilder.addTransportType(TRANSPORT_CELLULAR);
}
final NetworkCapabilities restrictedNc = restrictedNcBuilder.build();
final int creatorUid = isOwner ? ownerUid : INVALID_UID;
restrictedNc.restrictCapabilitiesForTestNetwork(creatorUid);
final NetworkCapabilities.Builder expectedNcBuilder = new NetworkCapabilities.Builder()
.removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
if (isCell) {
// If the test network is restricted, then the network may declare any transport, and
// appended with TRANSPORT_TEST.
expectedNcBuilder.addTransportType(TRANSPORT_CELLULAR);
}
expectedNcBuilder.addTransportType(TRANSPORT_TEST);
// Only TEST_NETWORKS_ALLOWED_CAPABILITIES will be kept.
expectedNcBuilder.addCapability(NET_CAPABILITY_NOT_METERED);
expectedNcBuilder.removeCapability(NET_CAPABILITY_TRUSTED);
if (!isCell) {
for (int cap : TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL) {
expectedNcBuilder.addCapability(cap);
}
}
expectedNcBuilder.setSignalStrength(signalStrength).setTransportInfo(transportInfo);
if (creatorUid == ownerUid) {
// Only retain the owner and administrator UIDs if they match the app registering the