Merge "Add allowed capabilities on non cellular test networks"
@@ -757,10 +757,10 @@ public final class NetworkCapabilities implements Parcelable {
|
|||||||
NET_CAPABILITY_PARTIAL_CONNECTIVITY);
|
NET_CAPABILITY_PARTIAL_CONNECTIVITY);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Capabilities that are allowed for test networks. This list must be set so that it is safe
|
* Capabilities that are allowed for all test networks. This list must be set so that it is safe
|
||||||
* for an unprivileged user to create a network with these capabilities via shell. As such,
|
* for an unprivileged user to create a network with these capabilities via shell. As such, it
|
||||||
* it must never contain capabilities that are generally useful to the system, such as
|
* must never contain capabilities that are generally useful to the system, such as INTERNET,
|
||||||
* INTERNET, IMS, SUPL, etc.
|
* IMS, SUPL, etc.
|
||||||
*/
|
*/
|
||||||
private static final long TEST_NETWORKS_ALLOWED_CAPABILITIES =
|
private static final long TEST_NETWORKS_ALLOWED_CAPABILITIES =
|
||||||
BitUtils.packBitList(
|
BitUtils.packBitList(
|
||||||
@@ -773,6 +773,14 @@ public final class NetworkCapabilities implements Parcelable {
|
|||||||
NET_CAPABILITY_NOT_SUSPENDED,
|
NET_CAPABILITY_NOT_SUSPENDED,
|
||||||
NET_CAPABILITY_NOT_VCN_MANAGED);
|
NET_CAPABILITY_NOT_VCN_MANAGED);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extra allowed capabilities for test networks that do not have TRANSPORT_CELLULAR. Test
|
||||||
|
* networks with TRANSPORT_CELLULAR must not have those capabilities in order to mitigate
|
||||||
|
* the risk of being used by running apps.
|
||||||
|
*/
|
||||||
|
private static final long TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL =
|
||||||
|
BitUtils.packBitList(NET_CAPABILITY_CBS, NET_CAPABILITY_DUN, NET_CAPABILITY_RCS);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds the given capability to this {@code NetworkCapability} instance.
|
* Adds the given capability to this {@code NetworkCapability} instance.
|
||||||
* Note that when searching for a network to satisfy a request, all capabilities
|
* Note that when searching for a network to satisfy a request, all capabilities
|
||||||
@@ -1133,7 +1141,13 @@ public final class NetworkCapabilities implements Parcelable {
|
|||||||
// If the test network is restricted, then it may declare any transport.
|
// If the test network is restricted, then it may declare any transport.
|
||||||
mTransportTypes = (originalTransportTypes | (1 << TRANSPORT_TEST));
|
mTransportTypes = (originalTransportTypes | (1 << TRANSPORT_TEST));
|
||||||
}
|
}
|
||||||
|
|
||||||
mNetworkCapabilities = originalCapabilities & TEST_NETWORKS_ALLOWED_CAPABILITIES;
|
mNetworkCapabilities = originalCapabilities & TEST_NETWORKS_ALLOWED_CAPABILITIES;
|
||||||
|
if (!hasTransport(TRANSPORT_CELLULAR)) {
|
||||||
|
mNetworkCapabilities |=
|
||||||
|
(originalCapabilities & TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL);
|
||||||
|
}
|
||||||
|
|
||||||
mNetworkSpecifier = originalSpecifier;
|
mNetworkSpecifier = originalSpecifier;
|
||||||
mSignalStrength = originalSignalStrength;
|
mSignalStrength = originalSignalStrength;
|
||||||
mTransportInfo = originalTransportInfo;
|
mTransportInfo = originalTransportInfo;
|
||||||
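Review bot: The new `if (!hasTransport(TRANSPORT_CELLULAR))` check in the last hunk reads `mTransportTypes` after the lines above have rewritten it, not `originalTransportTypes`, and nothing in the code says which of the two is intended. If the branch outside this hunk drops TRANSPORT_CELLULAR for unrestricted test networks (not visible here), a network requested with cellular would still be granted CBS, DUN and RCS. A comment such as `// Checked against the already-restricted mTransportTypes; must stay below the transport assignment.` would pin the ordering, and the Javadoc on `TEST_NETWORKS_EXTRA_ALLOWED_CAPABILITIES_ON_NON_CELL` could state whether the unprivileged-shell safety requirement of the base list applies to these capabilities as well. The enclosing method starts and ends outside the hunk.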
|
|||||||
@@ -21,6 +21,7 @@ import static android.net.NetworkCapabilities.MAX_TRANSPORT;
|
|||||||
import static android.net.NetworkCapabilities.MIN_TRANSPORT;
|
import static android.net.NetworkCapabilities.MIN_TRANSPORT;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_CAPTIVE_PORTAL;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_CAPTIVE_PORTAL;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_CBS;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_CBS;
|
||||||
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_DUN;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_EIMS;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_EIMS;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_ENTERPRISE;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_ENTERPRISE;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_FOREGROUND;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_FOREGROUND;
|
||||||
@@ -36,6 +37,7 @@ import static android.net.NetworkCapabilities.NET_CAPABILITY_OEM_PRIVATE;
|
|||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_BANDWIDTH;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_BANDWIDTH;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_LATENCY;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_LATENCY;
|
||||||
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_RCS;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_SUPL;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_SUPL;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;
|
||||||
@@ -113,6 +115,9 @@ public class NetworkCapabilitiesTest {
|
|||||||
private static final int TEST_SUBID2 = 2;
|
private static final int TEST_SUBID2 = 2;
|
||||||
private static final int TEST_SUBID3 = 3;
|
private static final int TEST_SUBID3 = 3;
|
||||||
|
|
||||||
|
private static final Set<Integer> TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL =
|
||||||
|
Set.of(NET_CAPABILITY_CBS, NET_CAPABILITY_DUN, NET_CAPABILITY_RCS);
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public DevSdkIgnoreRule mDevSdkIgnoreRule = new DevSdkIgnoreRule();
|
public DevSdkIgnoreRule mDevSdkIgnoreRule = new DevSdkIgnoreRule();
|
||||||
|
|
||||||
@@ -1321,16 +1326,31 @@ public class NetworkCapabilitiesTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRestrictCapabilitiesForTestNetworkByNotOwnerWithRestrictedNc() {
|
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_NotOwner_NotCell() {
|
||||||
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(false /* isOwner */);
|
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
|
||||||
|
false /* isOwner */, false /* isCell */);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRestrictCapabilitiesForTestNetworkByOwnerWithRestrictedNc() {
|
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_NotCell() {
|
||||||
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(true /* isOwner */);
|
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
|
||||||
|
true /* isOwner */, false /* isCell */);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void testRestrictCapabilitiesForTestNetworkWithRestrictedNc(boolean isOwner) {
|
@Test
|
||||||
|
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_NotOwner_Cell() {
|
||||||
|
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
|
||||||
|
false /* isOwner */, true /* isCell */);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_Cell() {
|
||||||
|
testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
|
||||||
|
true /* isOwner */, false /* isCell */);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void testRestrictCapabilitiesForTestNetworkWithRestrictedNc(
|
||||||
|
boolean isOwner, boolean isCell) {
|
||||||
final int ownerUid = 1234;
|
final int ownerUid = 1234;
|
||||||
final int signalStrength = -80;
|
final int signalStrength = -80;
|
||||||
final int[] administratorUids = {1001, ownerUid};
|
final int[] administratorUids = {1001, ownerUid};
|
||||||
@@ -1339,29 +1359,47 @@ public class NetworkCapabilitiesTest {
|
|||||||
// the networkCapabilities will contain more than one transport type. However,
|
// the networkCapabilities will contain more than one transport type. However,
|
||||||
// networkCapabilities must have a single transport specified to use NetworkSpecifier. Thus,
|
// networkCapabilities must have a single transport specified to use NetworkSpecifier. Thus,
|
||||||
// do not verify this part since it's verified in other tests.
|
// do not verify this part since it's verified in other tests.
|
||||||
final NetworkCapabilities restrictedNc = new NetworkCapabilities.Builder()
|
final NetworkCapabilities.Builder restrictedNcBuilder = new NetworkCapabilities.Builder()
|
||||||
.removeCapability(NET_CAPABILITY_NOT_RESTRICTED)
|
.removeCapability(NET_CAPABILITY_NOT_RESTRICTED)
|
||||||
.addTransportType(TRANSPORT_CELLULAR)
|
|
||||||
.addCapability(NET_CAPABILITY_MMS)
|
.addCapability(NET_CAPABILITY_MMS)
|
||||||
.addCapability(NET_CAPABILITY_NOT_METERED)
|
.addCapability(NET_CAPABILITY_NOT_METERED)
|
||||||
.setAdministratorUids(administratorUids)
|
.setAdministratorUids(administratorUids)
|
||||||
.setOwnerUid(ownerUid)
|
.setOwnerUid(ownerUid)
|
||||||
.setSignalStrength(signalStrength)
|
.setSignalStrength(signalStrength)
|
||||||
.setTransportInfo(transportInfo)
|
.setTransportInfo(transportInfo)
|
||||||
.setSubscriptionIds(Set.of(TEST_SUBID1)).build();
|
.setSubscriptionIds(Set.of(TEST_SUBID1));
|
||||||
|
for (int cap : TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL) {
|
||||||
|
restrictedNcBuilder.addCapability(cap);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isCell) {
|
||||||
|
restrictedNcBuilder.addTransportType(TRANSPORT_CELLULAR);
|
||||||
|
}
|
||||||
|
final NetworkCapabilities restrictedNc = restrictedNcBuilder.build();
|
||||||
|
|
||||||
final int creatorUid = isOwner ? ownerUid : INVALID_UID;
|
final int creatorUid = isOwner ? ownerUid : INVALID_UID;
|
||||||
restrictedNc.restrictCapabilitiesForTestNetwork(creatorUid);
|
restrictedNc.restrictCapabilitiesForTestNetwork(creatorUid);
|
||||||
|
|
||||||
final NetworkCapabilities.Builder expectedNcBuilder = new NetworkCapabilities.Builder()
|
final NetworkCapabilities.Builder expectedNcBuilder = new NetworkCapabilities.Builder()
|
||||||
.removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
|
.removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
|
||||||
// If the test network is restricted, then the network may declare any transport, and
|
|
||||||
// appended with TRANSPORT_TEST.
|
if (isCell) {
|
||||||
expectedNcBuilder.addTransportType(TRANSPORT_CELLULAR);
|
// If the test network is restricted, then the network may declare any transport, and
|
||||||
|
// appended with TRANSPORT_TEST.
|
||||||
|
expectedNcBuilder.addTransportType(TRANSPORT_CELLULAR);
|
||||||
|
}
|
||||||
expectedNcBuilder.addTransportType(TRANSPORT_TEST);
|
expectedNcBuilder.addTransportType(TRANSPORT_TEST);
|
||||||
|
|
||||||
// Only TEST_NETWORKS_ALLOWED_CAPABILITIES will be kept.
|
// Only TEST_NETWORKS_ALLOWED_CAPABILITIES will be kept.
|
||||||
expectedNcBuilder.addCapability(NET_CAPABILITY_NOT_METERED);
|
expectedNcBuilder.addCapability(NET_CAPABILITY_NOT_METERED);
|
||||||
expectedNcBuilder.removeCapability(NET_CAPABILITY_TRUSTED);
|
expectedNcBuilder.removeCapability(NET_CAPABILITY_TRUSTED);
|
||||||
|
|
||||||
|
if (!isCell) {
|
||||||
|
for (int cap : TEST_NETWORKS_EXTRA_ALLOWED_CAPS_ON_NON_CELL) {
|
||||||
|
expectedNcBuilder.addCapability(cap);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
expectedNcBuilder.setSignalStrength(signalStrength).setTransportInfo(transportInfo);
|
expectedNcBuilder.setSignalStrength(signalStrength).setTransportInfo(transportInfo);
|
||||||
if (creatorUid == ownerUid) {
|
if (creatorUid == ownerUid) {
|
||||||
// Only retain the owner and administrator UIDs if they match the app registering the
|
// Only retain the owner and administrator UIDs if they match the app registering the
|
||||||
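Review bot: `testRestrictCapabilitiesForTestNetworkRestrictedNc_Owner_Cell` passes `false /* isCell */`, so it repeats the Owner_NotCell case and the owner-plus-cellular combination is never exercised. That is the path where CBS, DUN and RCS must be stripped even though the creator UID matches the owner, so a regression in the cellular restriction for owners would go unnoticed. The call should read `true /* isOwner */, true /* isCell */);`. The helper's body continues past the end of the last hunk.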
|
|||||||