1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net;
18 
19 import static android.annotation.SystemApi.Client.MODULE_LIBRARIES;
20 import static android.annotation.SystemApi.Client.PRIVILEGED_APPS;
21 import static android.net.NetworkCapabilities.REDACT_FOR_NETWORK_SETTINGS;
22 
23 import android.annotation.NonNull;
24 import android.annotation.Nullable;
25 import android.annotation.SystemApi;
26 import android.net.NetworkCapabilities.RedactionType;
27 import android.os.Parcel;
28 import android.os.Parcelable;
29 import android.text.TextUtils;
30 
31 import androidx.annotation.RequiresApi;
32 
33 import com.android.modules.utils.build.SdkLevel;
34 
35 import java.util.Objects;
36 
37 /**
38  * Container for VPN-specific transport information.
39  *
40  * @see android.net.TransportInfo
41  * @see NetworkCapabilities#getTransportInfo()
42  *
43  * @hide
44  */
45 @SystemApi(client = PRIVILEGED_APPS)
46 public final class VpnTransportInfo implements TransportInfo, Parcelable {
47     /** Type of this VPN. */
48     private final int mType;
49 
50     @Nullable
51     private final String mSessionId;
52 
53     private final boolean mBypassable;
54 
55     private final boolean mLongLivedTcpConnectionsExpensive;
56 
57     // TODO: Refer to Build.VERSION_CODES when it's available in every branch.
58     private static final int UPSIDE_DOWN_CAKE = 34;
59 
60     /** @hide */
61     @SystemApi(client = MODULE_LIBRARIES)
62     @Override
getApplicableRedactions()63     public @RedactionType long getApplicableRedactions() {
64         return REDACT_FOR_NETWORK_SETTINGS;
65     }
66 
67     /**
68      * Create a copy of a {@link VpnTransportInfo} with the sessionId redacted if necessary.
69      * @hide
70      */
71     @NonNull
72     @SystemApi(client = MODULE_LIBRARIES)
makeCopy(@edactionType long redactions)73     public VpnTransportInfo makeCopy(@RedactionType long redactions) {
74         return new VpnTransportInfo(mType,
75             ((redactions & REDACT_FOR_NETWORK_SETTINGS) != 0) ? null : mSessionId,
76             mBypassable, mLongLivedTcpConnectionsExpensive);
77     }
78 
79     /**
80      * @deprecated please use {@link VpnTransportInfo(int,String,boolean,boolean)}.
81      * @hide
82      */
83     @Deprecated
84     @SystemApi(client = MODULE_LIBRARIES)
VpnTransportInfo(int type, @Nullable String sessionId)85     public VpnTransportInfo(int type, @Nullable String sessionId) {
86         // When the module runs on older SDKs, |bypassable| will always be false since the old Vpn
87         // code will call this constructor. For Settings VPNs, this is always correct as they are
88         // never bypassable. For VpnManager and VpnService types, this may be wrong since both of
89         // them have a choice. However, on these SDKs VpnTransportInfo#isBypassable is not
90         // available anyway, so this should be harmless. False is a better choice than true here
91         // regardless because it is the default value for both VpnManager and VpnService if the app
92         // does not do anything about it.
93         this(type, sessionId, false /* bypassable */, false /* longLivedTcpConnectionsExpensive */);
94     }
95 
96     /**
97      * Construct a new VpnTransportInfo object.
98      */
VpnTransportInfo(int type, @Nullable String sessionId, boolean bypassable, boolean longLivedTcpConnectionsExpensive)99     public VpnTransportInfo(int type, @Nullable String sessionId, boolean bypassable,
100             boolean longLivedTcpConnectionsExpensive) {
101         this.mType = type;
102         this.mSessionId = sessionId;
103         this.mBypassable = bypassable;
104         this.mLongLivedTcpConnectionsExpensive = longLivedTcpConnectionsExpensive;
105     }
106 
107     /**
108      * Returns whether the VPN is allowing bypass.
109      *
110      * This method is not supported in SDK below U, and will throw
111      * {@code UnsupportedOperationException} if called.
112      */
113     @RequiresApi(UPSIDE_DOWN_CAKE)
isBypassable()114     public boolean isBypassable() {
115         if (!SdkLevel.isAtLeastU()) {
116             throw new UnsupportedOperationException("Not supported before U");
117         }
118 
119         return mBypassable;
120     }
121 
122     /**
123      * Returns whether long-lived TCP connections are expensive on the VPN network.
124      *
125      * If there are long-lived TCP connections over the VPN, over some networks the
126      * VPN needs to regularly send packets to keep the network alive to keep these
127      * connections working, which wakes up the device radio. On some networks, this
128      * can become extremely expensive in terms of battery. The system knows to send
129      * these keepalive packets only when necessary, i.e. when there are long-lived
130      * TCP connections opened over the VPN, meaning on these networks establishing
131      * a long-lived TCP connection will have a very noticeable impact on battery
132      * life.
133      *
134      * VPNs can be bypassable or not. When the VPN is not bypassable, the user has
135      * expressed explicit intent to have no connection outside of the VPN, so even
136      * privileged apps with permission to bypass non-bypassable VPNs should not do
137      * so. See {@link #isBypassable()}.
138      * For bypassable VPNs however, the user expects apps choose reasonable tradeoffs
139      * about whether they use the VPN.
140      *
141      * Components that establish long-lived, encrypted TCP connections are encouraged
142      * to look up this value to decide whether to open their connection over a VPN
143      * or to bypass it. While VPNs do not typically provide privacy or security
144      * benefits to encrypted connections, the user generally still expects the
145      * connections to choose to use the VPN by default, but also do not expect this
146      * comes at the price of drastically reduced battery life. This method provides
147      * a hint about whether the battery cost of opening such a connection is high.
148      */
areLongLivedTcpConnectionsExpensive()149     public boolean areLongLivedTcpConnectionsExpensive() {
150         return mLongLivedTcpConnectionsExpensive;
151     }
152 
153     /**
154      * Returns the session Id of this VpnTransportInfo.
155      * @hide
156      */
157     @SystemApi(client = MODULE_LIBRARIES)
158     @Nullable
getSessionId()159     public String getSessionId() {
160         return mSessionId;
161     }
162 
163     /**
164      * Returns the type of this VPN.
165      */
getType()166     public int getType() {
167         return mType;
168     }
169 
170     @Override
equals(Object o)171     public boolean equals(Object o) {
172         if (!(o instanceof VpnTransportInfo)) return false;
173 
174         VpnTransportInfo that = (VpnTransportInfo) o;
175         return (this.mType == that.mType) && TextUtils.equals(this.mSessionId, that.mSessionId)
176                 && (this.mBypassable == that.mBypassable)
177                 && (this.mLongLivedTcpConnectionsExpensive
178                 == that.mLongLivedTcpConnectionsExpensive);
179     }
180 
181     @Override
hashCode()182     public int hashCode() {
183         return Objects.hash(mType, mSessionId, mBypassable, mLongLivedTcpConnectionsExpensive);
184     }
185 
186     @Override
toString()187     public String toString() {
188         return String.format("VpnTransportInfo{type=%d, sessionId=%s, bypassable=%b "
189                         + "longLivedTcpConnectionsExpensive=%b}",
190                 mType, mSessionId, mBypassable, mLongLivedTcpConnectionsExpensive);
191     }
192 
193     @Override
describeContents()194     public int describeContents() {
195         return 0;
196     }
197 
198     @Override
writeToParcel(@onNull Parcel dest, int flags)199     public void writeToParcel(@NonNull Parcel dest, int flags) {
200         dest.writeInt(mType);
201         dest.writeString(mSessionId);
202         dest.writeBoolean(mBypassable);
203         dest.writeBoolean(mLongLivedTcpConnectionsExpensive);
204     }
205 
206     public static final @NonNull Creator<VpnTransportInfo> CREATOR =
207             new Creator<VpnTransportInfo>() {
208         public VpnTransportInfo createFromParcel(Parcel in) {
209             return new VpnTransportInfo(
210                     in.readInt(), in.readString(), in.readBoolean(), in.readBoolean());
211         }
212         public VpnTransportInfo[] newArray(int size) {
213             return new VpnTransportInfo[size];
214         }
215     };
216 }
217