1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.carrierdefaultapp; 18 19 import android.app.Activity; 20 import android.app.LoadedApk; 21 import android.content.Context; 22 import android.content.Intent; 23 import android.content.pm.ActivityInfo; 24 import android.content.pm.PackageInfo; 25 import android.content.pm.PackageManager; 26 import android.graphics.Bitmap; 27 import android.net.ConnectivityManager; 28 import android.net.ConnectivityManager.NetworkCallback; 29 import android.net.Network; 30 import android.net.NetworkCapabilities; 31 import android.net.NetworkRequest; 32 import android.net.Proxy; 33 import android.net.TrafficStats; 34 import android.net.Uri; 35 import android.net.http.SslError; 36 import android.os.Bundle; 37 import android.telephony.CarrierConfigManager; 38 import android.telephony.Rlog; 39 import android.telephony.SubscriptionManager; 40 import android.text.TextUtils; 41 import android.util.ArrayMap; 42 import android.util.Log; 43 import android.util.TypedValue; 44 import android.webkit.SslErrorHandler; 45 import android.webkit.WebChromeClient; 46 import android.webkit.WebSettings; 47 import android.webkit.WebView; 48 import android.webkit.WebViewClient; 49 import android.widget.ProgressBar; 50 import android.widget.TextView; 51 52 import com.android.internal.telephony.PhoneConstants; 53 import com.android.internal.telephony.TelephonyIntents; 54 import com.android.internal.util.ArrayUtils; 55 import com.android.internal.util.TrafficStatsConstants; 56 57 import java.io.IOException; 58 import java.lang.reflect.Field; 59 import java.lang.reflect.Method; 60 import java.net.HttpURLConnection; 61 import java.net.MalformedURLException; 62 import java.net.URL; 63 import java.util.Random; 64 65 /** 66 * Activity that launches in response to the captive portal notification 67 * @see com.android.carrierdefaultapp.CarrierActionUtils#CARRIER_ACTION_SHOW_PORTAL_NOTIFICATION 68 * This activity requests network connection if there is no available one before loading the real 69 * portal page and apply carrier actions on the portal activation result. 70 */ 71 public class CaptivePortalLoginActivity extends Activity { 72 private static final String TAG = CaptivePortalLoginActivity.class.getSimpleName(); 73 private static final boolean DBG = true; 74 75 private static final int SOCKET_TIMEOUT_MS = 10 * 1000; 76 private static final int NETWORK_REQUEST_TIMEOUT_MS = 5 * 1000; 77 78 private URL mUrl; 79 private Network mNetwork; 80 private NetworkCallback mNetworkCallback; 81 private ConnectivityManager mCm; 82 private WebView mWebView; 83 private MyWebViewClient mWebViewClient; 84 private boolean mLaunchBrowser = false; 85 private Thread mTestingThread = null; 86 private boolean mReload = false; 87 88 @Override onCreate(Bundle savedInstanceState)89 protected void onCreate(Bundle savedInstanceState) { 90 super.onCreate(savedInstanceState); 91 mCm = ConnectivityManager.from(this); 92 mUrl = getUrlForCaptivePortal(); 93 if (mUrl == null) { 94 done(false); 95 return; 96 } 97 if (DBG) logd(String.format("onCreate for %s", mUrl.toString())); 98 setContentView(R.layout.activity_captive_portal_login); 99 getActionBar().setDisplayShowHomeEnabled(false); 100 101 mWebView = findViewById(R.id.webview); 102 mWebView.clearCache(true); 103 WebSettings webSettings = mWebView.getSettings(); 104 webSettings.setJavaScriptEnabled(true); 105 webSettings.setMixedContentMode(WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE); 106 webSettings.setUseWideViewPort(true); 107 webSettings.setLoadWithOverviewMode(true); 108 webSettings.setSupportZoom(true); 109 webSettings.setBuiltInZoomControls(true); 110 webSettings.setDomStorageEnabled(true); 111 mWebViewClient = new MyWebViewClient(); 112 mWebView.setWebViewClient(mWebViewClient); 113 mWebView.setWebChromeClient(new MyWebChromeClient()); 114 115 final Network network = getNetworkForCaptivePortal(); 116 if (network == null) { 117 requestNetworkForCaptivePortal(); 118 } else { 119 setNetwork(network); 120 // Start initial page load so WebView finishes loading proxy settings. 121 // Actual load of mUrl is initiated by MyWebViewClient. 122 mWebView.loadData("", "text/html", null); 123 } 124 } 125 126 @Override onBackPressed()127 public void onBackPressed() { 128 WebView myWebView = findViewById(R.id.webview); 129 if (myWebView.canGoBack() && mWebViewClient.allowBack()) { 130 myWebView.goBack(); 131 } else { 132 super.onBackPressed(); 133 } 134 } 135 136 @Override onDestroy()137 public void onDestroy() { 138 if (mLaunchBrowser) { 139 // Give time for this network to become default. After 500ms just proceed. 140 for (int i = 0; i < 5; i++) { 141 // TODO: This misses when mNetwork underlies a VPN. 142 if (mNetwork.equals(mCm.getActiveNetwork())) break; 143 try { 144 Thread.sleep(100); 145 } catch (InterruptedException e) { 146 } 147 } 148 final String url = mUrl.toString(); 149 if (DBG) logd("starting activity with intent ACTION_VIEW for " + url); 150 startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse(url))); 151 } 152 153 if (mTestingThread != null) { 154 mTestingThread.interrupt(); 155 } 156 mWebView.destroy(); 157 releaseNetworkRequest(); 158 super.onDestroy(); 159 } 160 setNetwork(Network network)161 private void setNetwork(Network network) { 162 if (network != null) { 163 network = network.getPrivateDnsBypassingCopy(); 164 mCm.bindProcessToNetwork(network); 165 mCm.setProcessDefaultNetworkForHostResolution(network); 166 } 167 mNetwork = network; 168 } 169 170 // Find WebView's proxy BroadcastReceiver and prompt it to read proxy system properties. setWebViewProxy()171 private void setWebViewProxy() { 172 LoadedApk loadedApk = getApplication().mLoadedApk; 173 try { 174 Field receiversField = LoadedApk.class.getDeclaredField("mReceivers"); 175 receiversField.setAccessible(true); 176 ArrayMap receivers = (ArrayMap) receiversField.get(loadedApk); 177 for (Object receiverMap : receivers.values()) { 178 for (Object rec : ((ArrayMap) receiverMap).keySet()) { 179 Class clazz = rec.getClass(); 180 if (clazz.getName().contains("ProxyChangeListener")) { 181 Method onReceiveMethod = clazz.getDeclaredMethod("onReceive", Context.class, 182 Intent.class); 183 Intent intent = new Intent(Proxy.PROXY_CHANGE_ACTION); 184 onReceiveMethod.invoke(rec, getApplicationContext(), intent); 185 Log.v(TAG, "Prompting WebView proxy reload."); 186 } 187 } 188 } 189 } catch (Exception e) { 190 loge("Exception while setting WebView proxy: " + e); 191 } 192 } 193 done(boolean success)194 private void done(boolean success) { 195 if (DBG) logd(String.format("Result success %b for %s", success, 196 mUrl != null ? mUrl.toString() : "null")); 197 if (success) { 198 // Trigger re-evaluation upon success http response code 199 CarrierActionUtils.applyCarrierAction( 200 CarrierActionUtils.CARRIER_ACTION_RESET_ALL, getIntent(), 201 getApplicationContext()); 202 } 203 finishAndRemoveTask(); 204 } 205 getUrlForCaptivePortal()206 private URL getUrlForCaptivePortal() { 207 String url = getIntent().getStringExtra(TelephonyIntents.EXTRA_REDIRECTION_URL_KEY); 208 if (TextUtils.isEmpty(url)) url = mCm.getCaptivePortalServerUrl(); 209 final CarrierConfigManager configManager = getApplicationContext() 210 .getSystemService(CarrierConfigManager.class); 211 final int subId = getIntent().getIntExtra(PhoneConstants.SUBSCRIPTION_KEY, 212 SubscriptionManager.getDefaultVoiceSubscriptionId()); 213 final String[] portalURLs = configManager.getConfigForSubId(subId).getStringArray( 214 CarrierConfigManager.KEY_CARRIER_DEFAULT_REDIRECTION_URL_STRING_ARRAY); 215 if (!ArrayUtils.isEmpty(portalURLs)) { 216 for (String portalUrl : portalURLs) { 217 if (url.startsWith(portalUrl)) { 218 break; 219 } 220 } 221 url = null; 222 } 223 try { 224 return new URL(url); 225 } catch (MalformedURLException e) { 226 loge("Invalid captive portal URL " + url); 227 } 228 return null; 229 } 230 testForCaptivePortal()231 private void testForCaptivePortal() { 232 mTestingThread = new Thread(new Runnable() { 233 public void run() { 234 // Give time for captive portal to open. 235 try { 236 Thread.sleep(1000); 237 } catch (InterruptedException e) { 238 } 239 if (isFinishing() || isDestroyed()) return; 240 HttpURLConnection urlConnection = null; 241 int httpResponseCode = 500; 242 int oldTag = TrafficStats.getAndSetThreadStatsTag( 243 TrafficStatsConstants.TAG_SYSTEM_PROBE); 244 try { 245 urlConnection = (HttpURLConnection) mNetwork.openConnection( 246 new URL(mCm.getCaptivePortalServerUrl())); 247 urlConnection.setInstanceFollowRedirects(false); 248 urlConnection.setConnectTimeout(SOCKET_TIMEOUT_MS); 249 urlConnection.setReadTimeout(SOCKET_TIMEOUT_MS); 250 urlConnection.setUseCaches(false); 251 urlConnection.getInputStream(); 252 httpResponseCode = urlConnection.getResponseCode(); 253 } catch (IOException e) { 254 loge(e.getMessage()); 255 } finally { 256 if (urlConnection != null) urlConnection.disconnect(); 257 TrafficStats.setThreadStatsTag(oldTag); 258 } 259 if (httpResponseCode == 204) { 260 done(true); 261 } 262 } 263 }); 264 mTestingThread.start(); 265 } 266 getNetworkForCaptivePortal()267 private Network getNetworkForCaptivePortal() { 268 Network[] info = mCm.getAllNetworks(); 269 if (!ArrayUtils.isEmpty(info)) { 270 for (Network nw : info) { 271 final NetworkCapabilities nc = mCm.getNetworkCapabilities(nw); 272 if (nc.hasTransport(NetworkCapabilities.TRANSPORT_CELLULAR) 273 && nc.hasCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET)) { 274 return nw; 275 } 276 } 277 } 278 return null; 279 } 280 requestNetworkForCaptivePortal()281 private void requestNetworkForCaptivePortal() { 282 NetworkRequest request = new NetworkRequest.Builder() 283 .addTransportType(NetworkCapabilities.TRANSPORT_CELLULAR) 284 .addCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET) 285 .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED) 286 .build(); 287 288 mNetworkCallback = new ConnectivityManager.NetworkCallback() { 289 @Override 290 public void onAvailable(Network network) { 291 if (DBG) logd("Network available: " + network); 292 setNetwork(network); 293 runOnUiThreadIfNotFinishing(() -> { 294 if (mReload) { 295 mWebView.reload(); 296 } else { 297 // Start initial page load so WebView finishes loading proxy settings. 298 // Actual load of mUrl is initiated by MyWebViewClient. 299 mWebView.loadData("", "text/html", null); 300 } 301 }); 302 } 303 304 @Override 305 public void onUnavailable() { 306 if (DBG) logd("Network unavailable"); 307 runOnUiThreadIfNotFinishing(() -> { 308 // Instead of not loading anything in webview, simply load the page and return 309 // HTTP error page in the absence of network connection. 310 mWebView.loadUrl(mUrl.toString()); 311 }); 312 } 313 314 @Override 315 public void onLost(Network lostNetwork) { 316 if (DBG) logd("Network lost"); 317 mReload = true; 318 } 319 }; 320 logd("request Network for captive portal"); 321 mCm.requestNetwork(request, mNetworkCallback, NETWORK_REQUEST_TIMEOUT_MS); 322 } 323 releaseNetworkRequest()324 private void releaseNetworkRequest() { 325 logd("release Network for captive portal"); 326 if (mNetworkCallback != null) { 327 mCm.unregisterNetworkCallback(mNetworkCallback); 328 mNetworkCallback = null; 329 mNetwork = null; 330 } 331 } 332 333 private class MyWebViewClient extends WebViewClient { 334 private static final String INTERNAL_ASSETS = "file:///android_asset/"; 335 private final String mBrowserBailOutToken = Long.toString(new Random().nextLong()); 336 // How many Android device-independent-pixels per scaled-pixel 337 // dp/sp = (px/sp) / (px/dp) = (1/sp) / (1/dp) 338 private final float mDpPerSp = TypedValue.applyDimension(TypedValue.COMPLEX_UNIT_SP, 1, 339 getResources().getDisplayMetrics()) 340 / TypedValue.applyDimension(TypedValue.COMPLEX_UNIT_DIP, 1, 341 getResources().getDisplayMetrics()); 342 private int mPagesLoaded; 343 344 // If we haven't finished cleaning up the history, don't allow going back. allowBack()345 public boolean allowBack() { 346 return mPagesLoaded > 1; 347 } 348 349 @Override onPageStarted(WebView view, String url, Bitmap favicon)350 public void onPageStarted(WebView view, String url, Bitmap favicon) { 351 if (url.contains(mBrowserBailOutToken)) { 352 mLaunchBrowser = true; 353 done(false); 354 return; 355 } 356 // The first page load is used only to cause the WebView to 357 // fetch the proxy settings. Don't update the URL bar, and 358 // don't check if the captive portal is still there. 359 if (mPagesLoaded == 0) return; 360 // For internally generated pages, leave URL bar listing prior URL as this is the URL 361 // the page refers to. 362 if (!url.startsWith(INTERNAL_ASSETS)) { 363 final TextView myUrlBar = findViewById(R.id.url_bar); 364 myUrlBar.setText(url); 365 } 366 if (mNetwork != null) { 367 testForCaptivePortal(); 368 } 369 } 370 371 @Override onPageFinished(WebView view, String url)372 public void onPageFinished(WebView view, String url) { 373 mPagesLoaded++; 374 if (mPagesLoaded == 1) { 375 // Now that WebView has loaded at least one page we know it has read in the proxy 376 // settings. Now prompt the WebView read the Network-specific proxy settings. 377 setWebViewProxy(); 378 // Load the real page. 379 view.loadUrl(mUrl.toString()); 380 return; 381 } else if (mPagesLoaded == 2) { 382 // Prevent going back to empty first page. 383 view.clearHistory(); 384 } 385 if (mNetwork != null) { 386 testForCaptivePortal(); 387 } 388 } 389 390 // Convert Android device-independent-pixels (dp) to HTML size. dp(int dp)391 private String dp(int dp) { 392 // HTML px's are scaled just like dp's, so just add "px" suffix. 393 return Integer.toString(dp) + "px"; 394 } 395 396 // Convert Android scaled-pixels (sp) to HTML size. sp(int sp)397 private String sp(int sp) { 398 // Convert sp to dp's. 399 float dp = sp * mDpPerSp; 400 // Apply a scale factor to make things look right. 401 dp *= 1.3; 402 // Convert dp's to HTML size. 403 return dp((int) dp); 404 } 405 406 // A web page consisting of a large broken lock icon to indicate SSL failure. 407 private final String SSL_ERROR_HTML = "<html><head><style>" 408 + "body { margin-left:" + dp(48) + "; margin-right:" + dp(48) + "; " 409 + "margin-top:" + dp(96) + "; background-color:#fafafa; }" 410 + "img { width:" + dp(48) + "; height:" + dp(48) + "; }" 411 + "div.warn { font-size:" + sp(16) + "; margin-top:" + dp(16) + "; " 412 + " opacity:0.87; line-height:1.28; }" 413 + "div.example { font-size:" + sp(14) + "; margin-top:" + dp(16) + "; " 414 + " opacity:0.54; line-height:1.21905; }" 415 + "a { font-size:" + sp(14) + "; text-decoration:none; text-transform:uppercase; " 416 + " margin-top:" + dp(24) + "; display:inline-block; color:#4285F4; " 417 + " height:" + dp(48) + "; font-weight:bold; }" 418 + "</style></head><body><p><img src=quantum_ic_warning_amber_96.png><br>" 419 + "<div class=warn>%s</div>" 420 + "<div class=example>%s</div>" + "<a href=%s>%s</a></body></html>"; 421 422 @Override onReceivedSslError(WebView view, SslErrorHandler handler, SslError error)423 public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { 424 Log.w(TAG, "SSL error (error: " + error.getPrimaryError() + " host: " 425 // Only show host to avoid leaking private info. 426 + Uri.parse(error.getUrl()).getHost() + " certificate: " 427 + error.getCertificate() + "); displaying SSL warning."); 428 final String html = String.format(SSL_ERROR_HTML, getString(R.string.ssl_error_warning), 429 getString(R.string.ssl_error_example), mBrowserBailOutToken, 430 getString(R.string.ssl_error_continue)); 431 view.loadDataWithBaseURL(INTERNAL_ASSETS, html, "text/HTML", "UTF-8", null); 432 } 433 434 @Override shouldOverrideUrlLoading(WebView view, String url)435 public boolean shouldOverrideUrlLoading(WebView view, String url) { 436 if (url.startsWith("tel:")) { 437 startActivity(new Intent(Intent.ACTION_DIAL, Uri.parse(url))); 438 return true; 439 } 440 return false; 441 } 442 } 443 444 private class MyWebChromeClient extends WebChromeClient { 445 @Override onProgressChanged(WebView view, int newProgress)446 public void onProgressChanged(WebView view, int newProgress) { 447 final ProgressBar myProgressBar = findViewById(R.id.progress_bar); 448 myProgressBar.setProgress(newProgress); 449 } 450 } 451 runOnUiThreadIfNotFinishing(Runnable r)452 private void runOnUiThreadIfNotFinishing(Runnable r) { 453 if (!isFinishing()) { 454 runOnUiThread(r); 455 } 456 } 457 458 /** 459 * This alias presents the target activity, CaptivePortalLoginActivity, as a independent 460 * entity with its own intent filter to handle URL links. This alias will be enabled/disabled 461 * dynamically to handle url links based on the network conditions. 462 */ getAlias(Context context)463 public static String getAlias(Context context) { 464 try { 465 PackageInfo p = context.getPackageManager().getPackageInfo(context.getPackageName(), 466 PackageManager.GET_ACTIVITIES | PackageManager.MATCH_DISABLED_COMPONENTS); 467 for (ActivityInfo activityInfo : p.activities) { 468 String targetActivity = activityInfo.targetActivity; 469 if (CaptivePortalLoginActivity.class.getName().equals(targetActivity)) { 470 return activityInfo.name; 471 } 472 } 473 } catch (PackageManager.NameNotFoundException e) { 474 e.printStackTrace(); 475 } 476 return null; 477 } 478 logd(String s)479 private static void logd(String s) { 480 Rlog.d(TAG, s); 481 } 482 loge(String s)483 private static void loge(String s) { 484 Rlog.d(TAG, s); 485 } 486 487 } 488