Have NetworkMonitor validate VPNs that request it.
Test: New test in Ikev2VpnTest
Also FrameworksNetTests
Change-Id: I7b1b172c4aa63014a2267faa08c6adcabe1d0796
diff --git a/common/moduleutils/src/android/net/shared/NetworkMonitorUtils.java b/common/moduleutils/src/android/net/shared/NetworkMonitorUtils.java
index b151cb9..583a356 100644
--- a/common/moduleutils/src/android/net/shared/NetworkMonitorUtils.java
+++ b/common/moduleutils/src/android/net/shared/NetworkMonitorUtils.java
@@ -26,9 +26,11 @@
import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+import android.annotation.NonNull;
import android.net.NetworkCapabilities;
import com.android.modules.utils.build.SdkLevel;
+import com.android.networkstack.apishim.common.NetworkAgentConfigShim;
/** @hide */
public class NetworkMonitorUtils {
@@ -67,9 +69,7 @@
* Return whether validation is required for private DNS in strict mode.
* @param nc Network capabilities of the network to test.
*/
- public static boolean isPrivateDnsValidationRequired(NetworkCapabilities nc) {
- if (nc == null) return false;
-
+ public static boolean isPrivateDnsValidationRequired(@NonNull final NetworkCapabilities nc) {
final boolean isVcnManaged = SdkLevel.isAtLeastS()
&& !nc.hasCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
final boolean isOemPaid = nc.hasCapability(NET_CAPABILITY_OEM_PAID)
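Review bot: Dropping `if (nc == null) return false;` leaves `isPrivateDnsValidationRequired` dereferencing `nc` in its first statement, and `@NonNull` is a static annotation that enforces nothing at runtime. In the same commit, `NetworkMonitor.updateConnectedNetworkAttributes` assigns `mNetworkCapabilities = params.networkCapabilities;` with no check, and the new `isValidationRequired` calls `nc.hasCapability(...)` and `config.isVpnValidationRequired()` unguarded, so a null from a caller would now throw a NullPointerException instead of answering "not required". Whether null can actually arrive there is not visible from these hunks; if it cannot, a check at that assignment such as `Objects.requireNonNull(params.networkCapabilities, "networkCapabilities")` would state the contract at the boundary instead of failing later inside the utility. The method body continues past the end of this hunk.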
@@ -100,10 +100,15 @@
/**
* Return whether validation is required for a network.
+ * @param config Configuration of the network to test.
* @param nc Network capabilities of the network to test.
*/
- public static boolean isValidationRequired(NetworkCapabilities nc) {
+ public static boolean isValidationRequired(@NonNull final NetworkAgentConfigShim config,
+ @NonNull final NetworkCapabilities nc) {
// TODO: Consider requiring validation for DUN networks.
- return isPrivateDnsValidationRequired(nc) && nc.hasCapability(NET_CAPABILITY_NOT_VPN);
+ if (!nc.hasCapability(NET_CAPABILITY_NOT_VPN)) {
+ return config.isVpnValidationRequired();
+ }
+ return isPrivateDnsValidationRequired(nc);
}
}
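Review bot: The Javadoc on `isValidationRequired` still reads as if capabilities alone decide the answer, but for a network without `NET_CAPABILITY_NOT_VPN` the result is now only `config.isVpnValidationRequired()` and the private-DNS capability checks are never reached. That matters to anyone auditing which networks get probed: validation of a VPN is entirely opt-in through its agent config, and a VPN that does not opt in is still reported as not requiring validation. I would add a sentence to the doc comment such as `For VPNs the result is config.isVpnValidationRequired(); the capability checks apply to non-VPN networks only.`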
diff --git a/src/com/android/server/connectivity/NetworkMonitor.java b/src/com/android/server/connectivity/NetworkMonitor.java
index 301462f..fd566c8 100755
--- a/src/com/android/server/connectivity/NetworkMonitor.java
+++ b/src/com/android/server/connectivity/NetworkMonitor.java
@@ -164,9 +164,11 @@
import com.android.networkstack.NetworkStackNotifier;
import com.android.networkstack.R;
import com.android.networkstack.apishim.CaptivePortalDataShimImpl;
+import com.android.networkstack.apishim.NetworkAgentConfigShimImpl;
import com.android.networkstack.apishim.NetworkInformationShimImpl;
import com.android.networkstack.apishim.api29.ConstantsShim;
import com.android.networkstack.apishim.common.CaptivePortalDataShim;
+import com.android.networkstack.apishim.common.NetworkAgentConfigShim;
import com.android.networkstack.apishim.common.NetworkInformationShim;
import com.android.networkstack.apishim.common.ShimUtils;
import com.android.networkstack.apishim.common.UnsupportedApiLevelException;
@@ -427,6 +429,7 @@
private final INetworkMonitorCallbacks mCallback;
private final int mCallbackVersion;
private final Network mCleartextDnsNetwork;
+ @NonNull
private final Network mNetwork;
private final TelephonyManager mTelephonyManager;
private final WifiManager mWifiManager;
@@ -460,7 +463,11 @@
private final int mEvaluatingBandwidthTimeoutMs;
private final AtomicInteger mNextEvaluatingBandwidthThreadId = new AtomicInteger(1);
+ @NonNull
+ private NetworkAgentConfigShim mNetworkAgentConfig;
+ @NonNull
private NetworkCapabilities mNetworkCapabilities;
+ @NonNull
private LinkProperties mLinkProperties;
@VisibleForTesting
@@ -647,6 +654,7 @@
// even before notifyNetworkConnected.
mLinkProperties = new LinkProperties();
mNetworkCapabilities = new NetworkCapabilities(null);
+ mNetworkAgentConfig = NetworkAgentConfigShimImpl.newInstance(null);
}
/**
@@ -712,7 +720,7 @@
private void updateConnectedNetworkAttributes(Message connectedMsg) {
final NetworkMonitorParameters params = (NetworkMonitorParameters) connectedMsg.obj;
- // TODO : also read the NetworkAgentConfig
+ mNetworkAgentConfig = NetworkAgentConfigShimImpl.newInstance(params.networkAgentConfig);
mLinkProperties = params.linkProperties;
mNetworkCapabilities = params.networkCapabilities;
suppressNotificationIfNetworkRestricted();
@@ -773,7 +781,7 @@
}
private boolean isValidationRequired() {
- return NetworkMonitorUtils.isValidationRequired(mNetworkCapabilities);
+ return NetworkMonitorUtils.isValidationRequired(mNetworkAgentConfig, mNetworkCapabilities);
}
private boolean isPrivateDnsValidationRequired() {