Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.connectivity; |
| 18 | |
| 19 | import static android.net.CaptivePortal.APP_RETURN_DISMISSED; |
| 20 | import static android.net.CaptivePortal.APP_RETURN_UNWANTED; |
| 21 | import static android.net.CaptivePortal.APP_RETURN_WANTED_AS_IS; |
| 22 | import static android.net.ConnectivityManager.EXTRA_CAPTIVE_PORTAL_PROBE_SPEC; |
| 23 | import static android.net.ConnectivityManager.EXTRA_CAPTIVE_PORTAL_URL; |
| 24 | import static android.net.ConnectivityManager.TYPE_MOBILE; |
| 25 | import static android.net.ConnectivityManager.TYPE_WIFI; |
| 26 | import static android.net.INetworkMonitor.NETWORK_TEST_RESULT_INVALID; |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 27 | import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 28 | import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR; |
| 29 | import static android.net.NetworkCapabilities.TRANSPORT_WIFI; |
| 30 | import static android.net.metrics.ValidationProbeEvent.DNS_FAILURE; |
| 31 | import static android.net.metrics.ValidationProbeEvent.DNS_SUCCESS; |
| 32 | import static android.net.metrics.ValidationProbeEvent.PROBE_FALLBACK; |
| 33 | import static android.net.metrics.ValidationProbeEvent.PROBE_PRIVDNS; |
Remi NGUYEN VAN | abeaaf7 | 2019-01-20 13:48:19 +0900 | [diff] [blame] | 34 | import static android.net.util.NetworkStackUtils.isEmpty; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 35 | |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 36 | import android.annotation.NonNull; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 37 | import android.annotation.Nullable; |
| 38 | import android.app.PendingIntent; |
| 39 | import android.content.BroadcastReceiver; |
| 40 | import android.content.Context; |
| 41 | import android.content.Intent; |
| 42 | import android.content.IntentFilter; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 43 | import android.net.ConnectivityManager; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 44 | import android.net.INetworkMonitor; |
| 45 | import android.net.INetworkMonitorCallbacks; |
| 46 | import android.net.LinkProperties; |
| 47 | import android.net.Network; |
| 48 | import android.net.NetworkCapabilities; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 49 | import android.net.ProxyInfo; |
| 50 | import android.net.TrafficStats; |
| 51 | import android.net.Uri; |
| 52 | import android.net.captiveportal.CaptivePortalProbeResult; |
| 53 | import android.net.captiveportal.CaptivePortalProbeSpec; |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 54 | import android.net.metrics.DataStallDetectionStats; |
| 55 | import android.net.metrics.DataStallStatsUtils; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 56 | import android.net.metrics.IpConnectivityLog; |
| 57 | import android.net.metrics.NetworkEvent; |
| 58 | import android.net.metrics.ValidationProbeEvent; |
| 59 | import android.net.shared.NetworkMonitorUtils; |
| 60 | import android.net.shared.PrivateDnsConfig; |
| 61 | import android.net.util.SharedLog; |
| 62 | import android.net.util.Stopwatch; |
| 63 | import android.net.wifi.WifiInfo; |
| 64 | import android.net.wifi.WifiManager; |
Remi NGUYEN VAN | 56fcae3 | 2019-02-04 11:32:20 +0900 | [diff] [blame] | 65 | import android.os.Bundle; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 66 | import android.os.Message; |
| 67 | import android.os.RemoteException; |
| 68 | import android.os.SystemClock; |
| 69 | import android.os.UserHandle; |
| 70 | import android.provider.Settings; |
Chiachang Wang | b04f81c | 2019-02-14 09:30:58 +0800 | [diff] [blame] | 71 | import android.telephony.AccessNetworkConstants; |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 72 | import android.telephony.CellSignalStrength; |
Chiachang Wang | b04f81c | 2019-02-14 09:30:58 +0800 | [diff] [blame] | 73 | import android.telephony.NetworkRegistrationState; |
| 74 | import android.telephony.ServiceState; |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 75 | import android.telephony.SignalStrength; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 76 | import android.telephony.TelephonyManager; |
| 77 | import android.text.TextUtils; |
| 78 | import android.util.Log; |
| 79 | |
| 80 | import com.android.internal.annotations.VisibleForTesting; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 81 | import com.android.internal.util.RingBufferIndices; |
| 82 | import com.android.internal.util.State; |
| 83 | import com.android.internal.util.StateMachine; |
| 84 | |
| 85 | import java.io.IOException; |
| 86 | import java.net.HttpURLConnection; |
| 87 | import java.net.InetAddress; |
| 88 | import java.net.MalformedURLException; |
| 89 | import java.net.URL; |
| 90 | import java.net.UnknownHostException; |
| 91 | import java.util.ArrayList; |
| 92 | import java.util.Arrays; |
Remi NGUYEN VAN | 777022e | 2019-01-28 13:28:35 +0900 | [diff] [blame] | 93 | import java.util.Collection; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 94 | import java.util.Collections; |
| 95 | import java.util.LinkedHashMap; |
| 96 | import java.util.List; |
| 97 | import java.util.Random; |
| 98 | import java.util.UUID; |
| 99 | import java.util.concurrent.CountDownLatch; |
| 100 | import java.util.concurrent.TimeUnit; |
| 101 | |
| 102 | /** |
| 103 | * {@hide} |
| 104 | */ |
| 105 | public class NetworkMonitor extends StateMachine { |
| 106 | private static final String TAG = NetworkMonitor.class.getSimpleName(); |
| 107 | private static final boolean DBG = true; |
| 108 | private static final boolean VDBG = false; |
| 109 | private static final boolean VDBG_STALL = Log.isLoggable(TAG, Log.DEBUG); |
Remi NGUYEN VAN | b85d875 | 2019-01-30 23:39:24 +0900 | [diff] [blame] | 110 | // TODO: use another permission for CaptivePortalLoginActivity once it has its own certificate |
| 111 | private static final String PERMISSION_NETWORK_SETTINGS = "android.permission.NETWORK_SETTINGS"; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 112 | // Default configuration values for captive portal detection probes. |
| 113 | // TODO: append a random length parameter to the default HTTPS url. |
| 114 | // TODO: randomize browser version ids in the default User-Agent String. |
| 115 | private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204"; |
| 116 | private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204"; |
| 117 | private static final String DEFAULT_OTHER_FALLBACK_URLS = |
| 118 | "http://play.googleapis.com/generate_204"; |
| 119 | private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) " |
| 120 | + "AppleWebKit/537.36 (KHTML, like Gecko) " |
| 121 | + "Chrome/60.0.3112.32 Safari/537.36"; |
| 122 | |
| 123 | private static final int SOCKET_TIMEOUT_MS = 10000; |
| 124 | private static final int PROBE_TIMEOUT_MS = 3000; |
| 125 | |
| 126 | // Default configuration values for data stall detection. |
| 127 | private static final int DEFAULT_CONSECUTIVE_DNS_TIMEOUT_THRESHOLD = 5; |
| 128 | private static final int DEFAULT_DATA_STALL_MIN_EVALUATE_TIME_MS = 60 * 1000; |
| 129 | private static final int DEFAULT_DATA_STALL_VALID_DNS_TIME_THRESHOLD_MS = 30 * 60 * 1000; |
| 130 | |
| 131 | private static final int DATA_STALL_EVALUATION_TYPE_DNS = 1; |
| 132 | private static final int DEFAULT_DATA_STALL_EVALUATION_TYPES = |
| 133 | (1 << DATA_STALL_EVALUATION_TYPE_DNS); |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 134 | // Reevaluate it as intending to increase the number. Larger log size may cause statsd |
| 135 | // log buffer bust and have stats log lost. |
| 136 | private static final int DEFAULT_DNS_LOG_SIZE = 20; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 137 | |
| 138 | enum EvaluationResult { |
| 139 | VALIDATED(true), |
| 140 | CAPTIVE_PORTAL(false); |
| 141 | final boolean mIsValidated; |
| 142 | EvaluationResult(boolean isValidated) { |
| 143 | this.mIsValidated = isValidated; |
| 144 | } |
| 145 | } |
| 146 | |
| 147 | enum ValidationStage { |
| 148 | FIRST_VALIDATION(true), |
| 149 | REVALIDATION(false); |
| 150 | final boolean mIsFirstValidation; |
| 151 | ValidationStage(boolean isFirstValidation) { |
| 152 | this.mIsFirstValidation = isFirstValidation; |
| 153 | } |
| 154 | } |
| 155 | |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 156 | /** |
| 157 | * ConnectivityService has sent a notification to indicate that network has connected. |
| 158 | * Initiates Network Validation. |
| 159 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 160 | private static final int CMD_NETWORK_CONNECTED = 1; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 161 | |
| 162 | /** |
| 163 | * Message to self indicating it's time to evaluate a network's connectivity. |
| 164 | * arg1 = Token to ignore old messages. |
| 165 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 166 | private static final int CMD_REEVALUATE = 6; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 167 | |
| 168 | /** |
| 169 | * ConnectivityService has sent a notification to indicate that network has disconnected. |
| 170 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 171 | private static final int CMD_NETWORK_DISCONNECTED = 7; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 172 | |
| 173 | /** |
| 174 | * Force evaluation even if it has succeeded in the past. |
| 175 | * arg1 = UID responsible for requesting this reeval. Will be billed for data. |
| 176 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 177 | private static final int CMD_FORCE_REEVALUATION = 8; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 178 | |
| 179 | /** |
| 180 | * Message to self indicating captive portal app finished. |
| 181 | * arg1 = one of: APP_RETURN_DISMISSED, |
| 182 | * APP_RETURN_UNWANTED, |
| 183 | * APP_RETURN_WANTED_AS_IS |
| 184 | * obj = mCaptivePortalLoggedInResponseToken as String |
| 185 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 186 | private static final int CMD_CAPTIVE_PORTAL_APP_FINISHED = 9; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 187 | |
| 188 | /** |
| 189 | * Message indicating sign-in app should be launched. |
| 190 | * Sent by mLaunchCaptivePortalAppBroadcastReceiver when the |
| 191 | * user touches the sign in notification, or sent by |
| 192 | * ConnectivityService when the user touches the "sign into |
| 193 | * network" button in the wifi access point detail page. |
| 194 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 195 | private static final int CMD_LAUNCH_CAPTIVE_PORTAL_APP = 11; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 196 | |
| 197 | /** |
| 198 | * Retest network to see if captive portal is still in place. |
| 199 | * arg1 = UID responsible for requesting this reeval. Will be billed for data. |
| 200 | * 0 indicates self-initiated, so nobody to blame. |
| 201 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 202 | private static final int CMD_CAPTIVE_PORTAL_RECHECK = 12; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 203 | |
| 204 | /** |
| 205 | * ConnectivityService notifies NetworkMonitor of settings changes to |
| 206 | * Private DNS. If a DNS resolution is required, e.g. for DNS-over-TLS in |
| 207 | * strict mode, then an event is sent back to ConnectivityService with the |
| 208 | * result of the resolution attempt. |
| 209 | * |
| 210 | * A separate message is used to trigger (re)evaluation of the Private DNS |
| 211 | * configuration, so that the message can be handled as needed in different |
| 212 | * states, including being ignored until after an ongoing captive portal |
| 213 | * validation phase is completed. |
| 214 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 215 | private static final int CMD_PRIVATE_DNS_SETTINGS_CHANGED = 13; |
| 216 | private static final int CMD_EVALUATE_PRIVATE_DNS = 15; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 217 | |
| 218 | /** |
| 219 | * Message to self indicating captive portal detection is completed. |
| 220 | * obj = CaptivePortalProbeResult for detection result; |
| 221 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 222 | public static final int CMD_PROBE_COMPLETE = 16; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 223 | |
| 224 | /** |
| 225 | * ConnectivityService notifies NetworkMonitor of DNS query responses event. |
| 226 | * arg1 = returncode in OnDnsEvent which indicates the response code for the DNS query. |
| 227 | */ |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 228 | public static final int EVENT_DNS_NOTIFICATION = 17; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 229 | |
| 230 | // Start mReevaluateDelayMs at this value and double. |
| 231 | private static final int INITIAL_REEVALUATE_DELAY_MS = 1000; |
| 232 | private static final int MAX_REEVALUATE_DELAY_MS = 10 * 60 * 1000; |
| 233 | // Before network has been evaluated this many times, ignore repeated reevaluate requests. |
| 234 | private static final int IGNORE_REEVALUATE_ATTEMPTS = 5; |
| 235 | private int mReevaluateToken = 0; |
| 236 | private static final int NO_UID = 0; |
| 237 | private static final int INVALID_UID = -1; |
| 238 | private int mUidResponsibleForReeval = INVALID_UID; |
| 239 | // Stop blaming UID that requested re-evaluation after this many attempts. |
| 240 | private static final int BLAME_FOR_EVALUATION_ATTEMPTS = 5; |
| 241 | // Delay between reevaluations once a captive portal has been found. |
| 242 | private static final int CAPTIVE_PORTAL_REEVALUATE_DELAY_MS = 10 * 60 * 1000; |
| 243 | |
| 244 | private String mPrivateDnsProviderHostname = ""; |
| 245 | |
| 246 | private final Context mContext; |
| 247 | private final INetworkMonitorCallbacks mCallback; |
| 248 | private final Network mNetwork; |
| 249 | private final Network mNonPrivateDnsBypassNetwork; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 250 | private final TelephonyManager mTelephonyManager; |
| 251 | private final WifiManager mWifiManager; |
| 252 | private final ConnectivityManager mCm; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 253 | private final IpConnectivityLog mMetricsLog; |
| 254 | private final Dependencies mDependencies; |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 255 | private final DataStallStatsUtils mDetectionStatsUtils; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 256 | |
| 257 | // Configuration values for captive portal detection probes. |
| 258 | private final String mCaptivePortalUserAgent; |
| 259 | private final URL mCaptivePortalHttpsUrl; |
| 260 | private final URL mCaptivePortalHttpUrl; |
| 261 | private final URL[] mCaptivePortalFallbackUrls; |
| 262 | @Nullable |
| 263 | private final CaptivePortalProbeSpec[] mCaptivePortalFallbackSpecs; |
| 264 | |
| 265 | private NetworkCapabilities mNetworkCapabilities; |
| 266 | private LinkProperties mLinkProperties; |
| 267 | |
| 268 | @VisibleForTesting |
| 269 | protected boolean mIsCaptivePortalCheckEnabled; |
| 270 | |
| 271 | private boolean mUseHttps; |
| 272 | // The total number of captive portal detection attempts for this NetworkMonitor instance. |
| 273 | private int mValidations = 0; |
| 274 | |
| 275 | // Set if the user explicitly selected "Do not use this network" in captive portal sign-in app. |
| 276 | private boolean mUserDoesNotWant = false; |
| 277 | // Avoids surfacing "Sign in to network" notification. |
| 278 | private boolean mDontDisplaySigninNotification = false; |
| 279 | |
| 280 | private volatile boolean mSystemReady = false; |
| 281 | |
| 282 | private final State mDefaultState = new DefaultState(); |
| 283 | private final State mValidatedState = new ValidatedState(); |
| 284 | private final State mMaybeNotifyState = new MaybeNotifyState(); |
| 285 | private final State mEvaluatingState = new EvaluatingState(); |
| 286 | private final State mCaptivePortalState = new CaptivePortalState(); |
| 287 | private final State mEvaluatingPrivateDnsState = new EvaluatingPrivateDnsState(); |
| 288 | private final State mProbingState = new ProbingState(); |
| 289 | private final State mWaitingForNextProbeState = new WaitingForNextProbeState(); |
| 290 | |
| 291 | private CustomIntentReceiver mLaunchCaptivePortalAppBroadcastReceiver = null; |
| 292 | |
| 293 | private final SharedLog mValidationLogs; |
| 294 | |
| 295 | private final Stopwatch mEvaluationTimer = new Stopwatch(); |
| 296 | |
| 297 | // This variable is set before transitioning to the mCaptivePortalState. |
| 298 | private CaptivePortalProbeResult mLastPortalProbeResult = CaptivePortalProbeResult.FAILED; |
| 299 | |
| 300 | // Random generator to select fallback URL index |
| 301 | private final Random mRandom; |
| 302 | private int mNextFallbackUrlIndex = 0; |
| 303 | |
| 304 | |
| 305 | private int mReevaluateDelayMs = INITIAL_REEVALUATE_DELAY_MS; |
| 306 | private int mEvaluateAttempts = 0; |
| 307 | private volatile int mProbeToken = 0; |
| 308 | private final int mConsecutiveDnsTimeoutThreshold; |
| 309 | private final int mDataStallMinEvaluateTime; |
| 310 | private final int mDataStallValidDnsTimeThreshold; |
| 311 | private final int mDataStallEvaluationType; |
| 312 | private final DnsStallDetector mDnsStallDetector; |
| 313 | private long mLastProbeTime; |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 314 | // Set to true if data stall is suspected and reset to false after metrics are sent to statsd. |
| 315 | private boolean mCollectDataStallMetrics = false; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 316 | |
| 317 | public NetworkMonitor(Context context, INetworkMonitorCallbacks cb, Network network, |
Remi NGUYEN VAN | 6e9fdbd | 2019-01-29 15:38:52 +0900 | [diff] [blame] | 318 | SharedLog validationLog) { |
| 319 | this(context, cb, network, new IpConnectivityLog(), validationLog, |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 320 | Dependencies.DEFAULT, new DataStallStatsUtils()); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 321 | } |
| 322 | |
| 323 | @VisibleForTesting |
| 324 | protected NetworkMonitor(Context context, INetworkMonitorCallbacks cb, Network network, |
Remi NGUYEN VAN | 6e9fdbd | 2019-01-29 15:38:52 +0900 | [diff] [blame] | 325 | IpConnectivityLog logger, SharedLog validationLogs, |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 326 | Dependencies deps, DataStallStatsUtils detectionStatsUtils) { |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 327 | // Add suffix indicating which NetworkMonitor we're talking about. |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 328 | super(TAG + "/" + network.toString()); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 329 | |
| 330 | // Logs with a tag of the form given just above, e.g. |
| 331 | // <timestamp> 862 2402 D NetworkMonitor/NetworkAgentInfo [WIFI () - 100]: ... |
| 332 | setDbg(VDBG); |
| 333 | |
| 334 | mContext = context; |
| 335 | mMetricsLog = logger; |
| 336 | mValidationLogs = validationLogs; |
| 337 | mCallback = cb; |
| 338 | mDependencies = deps; |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 339 | mDetectionStatsUtils = detectionStatsUtils; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 340 | mNonPrivateDnsBypassNetwork = network; |
| 341 | mNetwork = deps.getPrivateDnsBypassNetwork(network); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 342 | mTelephonyManager = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE); |
| 343 | mWifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE); |
| 344 | mCm = (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 345 | |
| 346 | // CHECKSTYLE:OFF IndentationCheck |
| 347 | addState(mDefaultState); |
| 348 | addState(mMaybeNotifyState, mDefaultState); |
| 349 | addState(mEvaluatingState, mMaybeNotifyState); |
| 350 | addState(mProbingState, mEvaluatingState); |
| 351 | addState(mWaitingForNextProbeState, mEvaluatingState); |
| 352 | addState(mCaptivePortalState, mMaybeNotifyState); |
| 353 | addState(mEvaluatingPrivateDnsState, mDefaultState); |
| 354 | addState(mValidatedState, mDefaultState); |
| 355 | setInitialState(mDefaultState); |
| 356 | // CHECKSTYLE:ON IndentationCheck |
| 357 | |
| 358 | mIsCaptivePortalCheckEnabled = getIsCaptivePortalCheckEnabled(); |
| 359 | mUseHttps = getUseHttpsValidation(); |
| 360 | mCaptivePortalUserAgent = getCaptivePortalUserAgent(); |
| 361 | mCaptivePortalHttpsUrl = makeURL(getCaptivePortalServerHttpsUrl()); |
| 362 | mCaptivePortalHttpUrl = makeURL(deps.getCaptivePortalServerHttpUrl(context)); |
| 363 | mCaptivePortalFallbackUrls = makeCaptivePortalFallbackUrls(); |
| 364 | mCaptivePortalFallbackSpecs = makeCaptivePortalFallbackProbeSpecs(); |
| 365 | mRandom = deps.getRandom(); |
| 366 | // TODO: Evaluate to move data stall configuration to a specific class. |
| 367 | mConsecutiveDnsTimeoutThreshold = getConsecutiveDnsTimeoutThreshold(); |
| 368 | mDnsStallDetector = new DnsStallDetector(mConsecutiveDnsTimeoutThreshold); |
| 369 | mDataStallMinEvaluateTime = getDataStallMinEvaluateTime(); |
| 370 | mDataStallValidDnsTimeThreshold = getDataStallValidDnsTimeThreshold(); |
| 371 | mDataStallEvaluationType = getDataStallEvalutionType(); |
| 372 | |
| 373 | // mLinkProperties and mNetworkCapbilities must never be null or we will NPE. |
| 374 | // Provide empty objects in case we are started and the network disconnects before |
| 375 | // we can ever fetch them. |
| 376 | // TODO: Delete ASAP. |
| 377 | mLinkProperties = new LinkProperties(); |
Remi NGUYEN VAN | 6e9fdbd | 2019-01-29 15:38:52 +0900 | [diff] [blame] | 378 | mNetworkCapabilities = new NetworkCapabilities(null); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 379 | } |
| 380 | |
| 381 | /** |
| 382 | * Request the NetworkMonitor to reevaluate the network. |
| 383 | */ |
| 384 | public void forceReevaluation(int responsibleUid) { |
| 385 | sendMessage(CMD_FORCE_REEVALUATION, responsibleUid, 0); |
| 386 | } |
| 387 | |
| 388 | /** |
| 389 | * Send a notification to NetworkMonitor indicating that there was a DNS query response event. |
| 390 | * @param returnCode the DNS return code of the response. |
| 391 | */ |
| 392 | public void notifyDnsResponse(int returnCode) { |
| 393 | sendMessage(EVENT_DNS_NOTIFICATION, returnCode); |
| 394 | } |
| 395 | |
| 396 | /** |
| 397 | * Send a notification to NetworkMonitor indicating that private DNS settings have changed. |
| 398 | * @param newCfg The new private DNS configuration. |
| 399 | */ |
| 400 | public void notifyPrivateDnsSettingsChanged(PrivateDnsConfig newCfg) { |
| 401 | // Cancel any outstanding resolutions. |
| 402 | removeMessages(CMD_PRIVATE_DNS_SETTINGS_CHANGED); |
| 403 | // Send the update to the proper thread. |
| 404 | sendMessage(CMD_PRIVATE_DNS_SETTINGS_CHANGED, newCfg); |
| 405 | } |
| 406 | |
| 407 | /** |
| 408 | * Send a notification to NetworkMonitor indicating that the system is ready. |
| 409 | */ |
| 410 | public void notifySystemReady() { |
| 411 | // No need to run on the handler thread: mSystemReady is volatile and read only once on the |
| 412 | // isCaptivePortal() thread. |
| 413 | mSystemReady = true; |
| 414 | } |
| 415 | |
| 416 | /** |
| 417 | * Send a notification to NetworkMonitor indicating that the network is now connected. |
| 418 | */ |
| 419 | public void notifyNetworkConnected() { |
| 420 | sendMessage(CMD_NETWORK_CONNECTED); |
| 421 | } |
| 422 | |
| 423 | /** |
| 424 | * Send a notification to NetworkMonitor indicating that the network is now disconnected. |
| 425 | */ |
| 426 | public void notifyNetworkDisconnected() { |
| 427 | sendMessage(CMD_NETWORK_DISCONNECTED); |
| 428 | } |
| 429 | |
| 430 | /** |
| 431 | * Send a notification to NetworkMonitor indicating that link properties have changed. |
| 432 | */ |
| 433 | public void notifyLinkPropertiesChanged() { |
| 434 | getHandler().post(() -> { |
| 435 | updateLinkProperties(); |
| 436 | }); |
| 437 | } |
| 438 | |
| 439 | private void updateLinkProperties() { |
| 440 | final LinkProperties lp = mCm.getLinkProperties(mNetwork); |
| 441 | // If null, we should soon get a message that the network was disconnected, and will stop. |
| 442 | if (lp != null) { |
| 443 | // TODO: send LinkProperties parceled in notifyLinkPropertiesChanged() and start(). |
| 444 | mLinkProperties = lp; |
| 445 | } |
| 446 | } |
| 447 | |
| 448 | /** |
| 449 | * Send a notification to NetworkMonitor indicating that network capabilities have changed. |
| 450 | */ |
| 451 | public void notifyNetworkCapabilitiesChanged() { |
| 452 | getHandler().post(() -> { |
| 453 | updateNetworkCapabilities(); |
| 454 | }); |
| 455 | } |
| 456 | |
| 457 | private void updateNetworkCapabilities() { |
| 458 | final NetworkCapabilities nc = mCm.getNetworkCapabilities(mNetwork); |
| 459 | // If null, we should soon get a message that the network was disconnected, and will stop. |
| 460 | if (nc != null) { |
| 461 | // TODO: send NetworkCapabilities parceled in notifyNetworkCapsChanged() and start(). |
| 462 | mNetworkCapabilities = nc; |
| 463 | } |
| 464 | } |
| 465 | |
| 466 | /** |
| 467 | * Request the captive portal application to be launched. |
| 468 | */ |
| 469 | public void launchCaptivePortalApp() { |
| 470 | sendMessage(CMD_LAUNCH_CAPTIVE_PORTAL_APP); |
| 471 | } |
| 472 | |
Remi NGUYEN VAN | ad99e54 | 2019-02-13 20:58:59 +0900 | [diff] [blame] | 473 | /** |
| 474 | * Notify that the captive portal app was closed with the provided response code. |
| 475 | */ |
| 476 | public void notifyCaptivePortalAppFinished(int response) { |
| 477 | sendMessage(CMD_CAPTIVE_PORTAL_APP_FINISHED, response); |
| 478 | } |
| 479 | |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 480 | @Override |
| 481 | protected void log(String s) { |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 482 | if (DBG) Log.d(TAG + "/" + mNetwork.toString(), s); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 483 | } |
| 484 | |
| 485 | private void validationLog(int probeType, Object url, String msg) { |
| 486 | String probeName = ValidationProbeEvent.getProbeName(probeType); |
| 487 | validationLog(String.format("%s %s %s", probeName, url, msg)); |
| 488 | } |
| 489 | |
| 490 | private void validationLog(String s) { |
| 491 | if (DBG) log(s); |
| 492 | mValidationLogs.log(s); |
| 493 | } |
| 494 | |
| 495 | private ValidationStage validationStage() { |
| 496 | return 0 == mValidations ? ValidationStage.FIRST_VALIDATION : ValidationStage.REVALIDATION; |
| 497 | } |
| 498 | |
| 499 | private boolean isValidationRequired() { |
Lorenzo Colitti | d447689 | 2019-01-23 17:54:08 +0900 | [diff] [blame] | 500 | return NetworkMonitorUtils.isValidationRequired(mNetworkCapabilities); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 501 | } |
| 502 | |
| 503 | |
| 504 | private void notifyNetworkTested(int result, @Nullable String redirectUrl) { |
| 505 | try { |
| 506 | mCallback.notifyNetworkTested(result, redirectUrl); |
| 507 | } catch (RemoteException e) { |
| 508 | Log.e(TAG, "Error sending network test result", e); |
| 509 | } |
| 510 | } |
| 511 | |
| 512 | private void showProvisioningNotification(String action) { |
| 513 | try { |
Remi NGUYEN VAN | 1e3eb37 | 2019-02-07 21:29:57 +0900 | [diff] [blame] | 514 | mCallback.showProvisioningNotification(action, mContext.getPackageName()); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 515 | } catch (RemoteException e) { |
| 516 | Log.e(TAG, "Error showing provisioning notification", e); |
| 517 | } |
| 518 | } |
| 519 | |
| 520 | private void hideProvisioningNotification() { |
| 521 | try { |
| 522 | mCallback.hideProvisioningNotification(); |
| 523 | } catch (RemoteException e) { |
| 524 | Log.e(TAG, "Error hiding provisioning notification", e); |
| 525 | } |
| 526 | } |
| 527 | |
| 528 | // DefaultState is the parent of all States. It exists only to handle CMD_* messages but |
| 529 | // does not entail any real state (hence no enter() or exit() routines). |
| 530 | private class DefaultState extends State { |
| 531 | @Override |
| 532 | public void enter() { |
| 533 | // TODO: have those passed parceled in start() and remove this |
| 534 | updateLinkProperties(); |
| 535 | updateNetworkCapabilities(); |
| 536 | } |
| 537 | |
| 538 | @Override |
| 539 | public boolean processMessage(Message message) { |
| 540 | switch (message.what) { |
| 541 | case CMD_NETWORK_CONNECTED: |
| 542 | logNetworkEvent(NetworkEvent.NETWORK_CONNECTED); |
| 543 | transitionTo(mEvaluatingState); |
| 544 | return HANDLED; |
| 545 | case CMD_NETWORK_DISCONNECTED: |
| 546 | logNetworkEvent(NetworkEvent.NETWORK_DISCONNECTED); |
| 547 | if (mLaunchCaptivePortalAppBroadcastReceiver != null) { |
| 548 | mContext.unregisterReceiver(mLaunchCaptivePortalAppBroadcastReceiver); |
| 549 | mLaunchCaptivePortalAppBroadcastReceiver = null; |
| 550 | } |
| 551 | quit(); |
| 552 | return HANDLED; |
| 553 | case CMD_FORCE_REEVALUATION: |
| 554 | case CMD_CAPTIVE_PORTAL_RECHECK: |
Chiachang Wang | 0a880da | 2019-01-15 10:32:48 +0800 | [diff] [blame] | 555 | final int dnsCount = mDnsStallDetector.getConsecutiveTimeoutCount(); |
| 556 | validationLog("Forcing reevaluation for UID " + message.arg1 |
| 557 | + ". Dns signal count: " + dnsCount); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 558 | mUidResponsibleForReeval = message.arg1; |
| 559 | transitionTo(mEvaluatingState); |
| 560 | return HANDLED; |
| 561 | case CMD_CAPTIVE_PORTAL_APP_FINISHED: |
| 562 | log("CaptivePortal App responded with " + message.arg1); |
| 563 | |
| 564 | // If the user has seen and acted on a captive portal notification, and the |
| 565 | // captive portal app is now closed, disable HTTPS probes. This avoids the |
| 566 | // following pathological situation: |
| 567 | // |
| 568 | // 1. HTTP probe returns a captive portal, HTTPS probe fails or times out. |
| 569 | // 2. User opens the app and logs into the captive portal. |
| 570 | // 3. HTTP starts working, but HTTPS still doesn't work for some other reason - |
| 571 | // perhaps due to the network blocking HTTPS? |
| 572 | // |
| 573 | // In this case, we'll fail to validate the network even after the app is |
| 574 | // dismissed. There is now no way to use this network, because the app is now |
| 575 | // gone, so the user cannot select "Use this network as is". |
| 576 | mUseHttps = false; |
| 577 | |
| 578 | switch (message.arg1) { |
| 579 | case APP_RETURN_DISMISSED: |
| 580 | sendMessage(CMD_FORCE_REEVALUATION, NO_UID, 0); |
| 581 | break; |
| 582 | case APP_RETURN_WANTED_AS_IS: |
| 583 | mDontDisplaySigninNotification = true; |
| 584 | // TODO: Distinguish this from a network that actually validates. |
| 585 | // Displaying the "x" on the system UI icon may still be a good idea. |
| 586 | transitionTo(mEvaluatingPrivateDnsState); |
| 587 | break; |
| 588 | case APP_RETURN_UNWANTED: |
| 589 | mDontDisplaySigninNotification = true; |
| 590 | mUserDoesNotWant = true; |
| 591 | notifyNetworkTested(NETWORK_TEST_RESULT_INVALID, null); |
| 592 | // TODO: Should teardown network. |
| 593 | mUidResponsibleForReeval = 0; |
| 594 | transitionTo(mEvaluatingState); |
| 595 | break; |
| 596 | } |
| 597 | return HANDLED; |
| 598 | case CMD_PRIVATE_DNS_SETTINGS_CHANGED: { |
| 599 | final PrivateDnsConfig cfg = (PrivateDnsConfig) message.obj; |
| 600 | if (!isValidationRequired() || cfg == null || !cfg.inStrictMode()) { |
| 601 | // No DNS resolution required. |
| 602 | // |
| 603 | // We don't force any validation in opportunistic mode |
| 604 | // here. Opportunistic mode nameservers are validated |
| 605 | // separately within netd. |
| 606 | // |
| 607 | // Reset Private DNS settings state. |
| 608 | mPrivateDnsProviderHostname = ""; |
| 609 | break; |
| 610 | } |
| 611 | |
| 612 | mPrivateDnsProviderHostname = cfg.hostname; |
| 613 | |
| 614 | // DNS resolutions via Private DNS strict mode block for a |
| 615 | // few seconds (~4.2) checking for any IP addresses to |
| 616 | // arrive and validate. Initiating a (re)evaluation now |
| 617 | // should not significantly alter the validation outcome. |
| 618 | // |
| 619 | // No matter what: enqueue a validation request; one of |
| 620 | // three things can happen with this request: |
| 621 | // [1] ignored (EvaluatingState or CaptivePortalState) |
| 622 | // [2] transition to EvaluatingPrivateDnsState |
| 623 | // (DefaultState and ValidatedState) |
| 624 | // [3] handled (EvaluatingPrivateDnsState) |
| 625 | // |
| 626 | // The Private DNS configuration to be evaluated will: |
| 627 | // [1] be skipped (not in strict mode), or |
| 628 | // [2] validate (huzzah), or |
| 629 | // [3] encounter some problem (invalid hostname, |
| 630 | // no resolved IP addresses, IPs unreachable, |
| 631 | // port 853 unreachable, port 853 is not running a |
| 632 | // DNS-over-TLS server, et cetera). |
| 633 | sendMessage(CMD_EVALUATE_PRIVATE_DNS); |
| 634 | break; |
| 635 | } |
| 636 | case EVENT_DNS_NOTIFICATION: |
| 637 | mDnsStallDetector.accumulateConsecutiveDnsTimeoutCount(message.arg1); |
| 638 | break; |
| 639 | default: |
| 640 | break; |
| 641 | } |
| 642 | return HANDLED; |
| 643 | } |
| 644 | } |
| 645 | |
| 646 | // Being in the ValidatedState State indicates a Network is: |
| 647 | // - Successfully validated, or |
| 648 | // - Wanted "as is" by the user, or |
| 649 | // - Does not satisfy the default NetworkRequest and so validation has been skipped. |
| 650 | private class ValidatedState extends State { |
| 651 | @Override |
| 652 | public void enter() { |
| 653 | maybeLogEvaluationResult( |
| 654 | networkEventType(validationStage(), EvaluationResult.VALIDATED)); |
| 655 | notifyNetworkTested(INetworkMonitor.NETWORK_TEST_RESULT_VALID, null); |
| 656 | mValidations++; |
| 657 | } |
| 658 | |
| 659 | @Override |
| 660 | public boolean processMessage(Message message) { |
| 661 | switch (message.what) { |
| 662 | case CMD_NETWORK_CONNECTED: |
| 663 | transitionTo(mValidatedState); |
| 664 | break; |
| 665 | case CMD_EVALUATE_PRIVATE_DNS: |
| 666 | transitionTo(mEvaluatingPrivateDnsState); |
| 667 | break; |
| 668 | case EVENT_DNS_NOTIFICATION: |
| 669 | mDnsStallDetector.accumulateConsecutiveDnsTimeoutCount(message.arg1); |
| 670 | if (isDataStall()) { |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 671 | mCollectDataStallMetrics = true; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 672 | validationLog("Suspecting data stall, reevaluate"); |
| 673 | transitionTo(mEvaluatingState); |
| 674 | } |
| 675 | break; |
| 676 | default: |
| 677 | return NOT_HANDLED; |
| 678 | } |
| 679 | return HANDLED; |
| 680 | } |
| 681 | } |
| 682 | |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 683 | private void writeDataStallStats(@NonNull final CaptivePortalProbeResult result) { |
| 684 | /* |
| 685 | * Collect data stall detection level information for each transport type. Collect type |
| 686 | * specific information for cellular and wifi only currently. Generate |
| 687 | * DataStallDetectionStats for each transport type. E.g., if a network supports both |
| 688 | * TRANSPORT_WIFI and TRANSPORT_VPN, two DataStallDetectionStats will be generated. |
| 689 | */ |
| 690 | final int[] transports = mNetworkCapabilities.getTransportTypes(); |
| 691 | |
| 692 | for (int i = 0; i < transports.length; i++) { |
| 693 | DataStallStatsUtils.write(buildDataStallDetectionStats(transports[i]), result); |
| 694 | } |
| 695 | mCollectDataStallMetrics = false; |
| 696 | } |
| 697 | |
| 698 | @VisibleForTesting |
| 699 | protected DataStallDetectionStats buildDataStallDetectionStats(int transport) { |
| 700 | final DataStallDetectionStats.Builder stats = new DataStallDetectionStats.Builder(); |
| 701 | if (VDBG_STALL) log("collectDataStallMetrics: type=" + transport); |
| 702 | stats.setEvaluationType(DATA_STALL_EVALUATION_TYPE_DNS); |
| 703 | stats.setNetworkType(transport); |
| 704 | switch (transport) { |
| 705 | case NetworkCapabilities.TRANSPORT_WIFI: |
| 706 | // TODO: Update it if status query in dual wifi is supported. |
| 707 | final WifiInfo wifiInfo = mWifiManager.getConnectionInfo(); |
| 708 | stats.setWiFiData(wifiInfo); |
| 709 | break; |
| 710 | case NetworkCapabilities.TRANSPORT_CELLULAR: |
| 711 | final boolean isRoaming = !mNetworkCapabilities.hasCapability( |
| 712 | NetworkCapabilities.NET_CAPABILITY_NOT_ROAMING); |
| 713 | final SignalStrength ss = mTelephonyManager.getSignalStrength(); |
| 714 | // TODO(b/120452078): Support multi-sim. |
| 715 | stats.setCellData( |
| 716 | mTelephonyManager.getDataNetworkType(), |
| 717 | isRoaming, |
| 718 | mTelephonyManager.getNetworkOperator(), |
| 719 | mTelephonyManager.getSimOperator(), |
| 720 | (ss != null) |
| 721 | ? ss.getLevel() : CellSignalStrength.SIGNAL_STRENGTH_NONE_OR_UNKNOWN); |
| 722 | break; |
| 723 | default: |
| 724 | // No transport type specific information for the other types. |
| 725 | break; |
| 726 | } |
| 727 | addDnsEvents(stats); |
| 728 | |
| 729 | return stats.build(); |
| 730 | } |
| 731 | |
| 732 | private void addDnsEvents(@NonNull final DataStallDetectionStats.Builder stats) { |
| 733 | final int size = mDnsStallDetector.mResultIndices.size(); |
| 734 | for (int i = 1; i <= DEFAULT_DNS_LOG_SIZE && i <= size; i++) { |
| 735 | final int index = mDnsStallDetector.mResultIndices.indexOf(size - i); |
| 736 | stats.addDnsEvent(mDnsStallDetector.mDnsEvents[index].mReturnCode, |
| 737 | mDnsStallDetector.mDnsEvents[index].mTimeStamp); |
| 738 | } |
| 739 | } |
| 740 | |
| 741 | |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 742 | // Being in the MaybeNotifyState State indicates the user may have been notified that sign-in |
| 743 | // is required. This State takes care to clear the notification upon exit from the State. |
| 744 | private class MaybeNotifyState extends State { |
| 745 | @Override |
| 746 | public boolean processMessage(Message message) { |
| 747 | switch (message.what) { |
| 748 | case CMD_LAUNCH_CAPTIVE_PORTAL_APP: |
Remi NGUYEN VAN | 56fcae3 | 2019-02-04 11:32:20 +0900 | [diff] [blame] | 749 | final Bundle appExtras = new Bundle(); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 750 | // OneAddressPerFamilyNetwork is not parcelable across processes. |
Remi NGUYEN VAN | ad99e54 | 2019-02-13 20:58:59 +0900 | [diff] [blame] | 751 | final Network network = new Network(mNetwork); |
| 752 | appExtras.putParcelable(ConnectivityManager.EXTRA_NETWORK, network); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 753 | final CaptivePortalProbeResult probeRes = mLastPortalProbeResult; |
Remi NGUYEN VAN | 56fcae3 | 2019-02-04 11:32:20 +0900 | [diff] [blame] | 754 | appExtras.putString(EXTRA_CAPTIVE_PORTAL_URL, probeRes.detectUrl); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 755 | if (probeRes.probeSpec != null) { |
| 756 | final String encodedSpec = probeRes.probeSpec.getEncodedSpec(); |
Remi NGUYEN VAN | 56fcae3 | 2019-02-04 11:32:20 +0900 | [diff] [blame] | 757 | appExtras.putString(EXTRA_CAPTIVE_PORTAL_PROBE_SPEC, encodedSpec); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 758 | } |
Remi NGUYEN VAN | 56fcae3 | 2019-02-04 11:32:20 +0900 | [diff] [blame] | 759 | appExtras.putString(ConnectivityManager.EXTRA_CAPTIVE_PORTAL_USER_AGENT, |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 760 | mCaptivePortalUserAgent); |
Remi NGUYEN VAN | ad99e54 | 2019-02-13 20:58:59 +0900 | [diff] [blame] | 761 | mCm.startCaptivePortalApp(network, appExtras); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 762 | return HANDLED; |
| 763 | default: |
| 764 | return NOT_HANDLED; |
| 765 | } |
| 766 | } |
| 767 | |
| 768 | @Override |
| 769 | public void exit() { |
| 770 | hideProvisioningNotification(); |
| 771 | } |
| 772 | } |
| 773 | |
| 774 | // Being in the EvaluatingState State indicates the Network is being evaluated for internet |
| 775 | // connectivity, or that the user has indicated that this network is unwanted. |
| 776 | private class EvaluatingState extends State { |
| 777 | @Override |
| 778 | public void enter() { |
| 779 | // If we have already started to track time spent in EvaluatingState |
| 780 | // don't reset the timer due simply to, say, commands or events that |
| 781 | // cause us to exit and re-enter EvaluatingState. |
| 782 | if (!mEvaluationTimer.isStarted()) { |
| 783 | mEvaluationTimer.start(); |
| 784 | } |
| 785 | sendMessage(CMD_REEVALUATE, ++mReevaluateToken, 0); |
| 786 | if (mUidResponsibleForReeval != INVALID_UID) { |
| 787 | TrafficStats.setThreadStatsUid(mUidResponsibleForReeval); |
| 788 | mUidResponsibleForReeval = INVALID_UID; |
| 789 | } |
| 790 | mReevaluateDelayMs = INITIAL_REEVALUATE_DELAY_MS; |
| 791 | mEvaluateAttempts = 0; |
| 792 | } |
| 793 | |
| 794 | @Override |
| 795 | public boolean processMessage(Message message) { |
| 796 | switch (message.what) { |
| 797 | case CMD_REEVALUATE: |
| 798 | if (message.arg1 != mReevaluateToken || mUserDoesNotWant) { |
| 799 | return HANDLED; |
| 800 | } |
| 801 | // Don't bother validating networks that don't satisfy the default request. |
| 802 | // This includes: |
| 803 | // - VPNs which can be considered explicitly desired by the user and the |
| 804 | // user's desire trumps whether the network validates. |
| 805 | // - Networks that don't provide Internet access. It's unclear how to |
| 806 | // validate such networks. |
| 807 | // - Untrusted networks. It's unsafe to prompt the user to sign-in to |
| 808 | // such networks and the user didn't express interest in connecting to |
| 809 | // such networks (an app did) so the user may be unhappily surprised when |
| 810 | // asked to sign-in to a network they didn't want to connect to in the |
| 811 | // first place. Validation could be done to adjust the network scores |
| 812 | // however these networks are app-requested and may not be intended for |
| 813 | // general usage, in which case general validation may not be an accurate |
| 814 | // measure of the network's quality. Only the app knows how to evaluate |
| 815 | // the network so don't bother validating here. Furthermore sending HTTP |
| 816 | // packets over the network may be undesirable, for example an extremely |
| 817 | // expensive metered network, or unwanted leaking of the User Agent string. |
| 818 | if (!isValidationRequired()) { |
| 819 | validationLog("Network would not satisfy default request, not validating"); |
| 820 | transitionTo(mValidatedState); |
| 821 | return HANDLED; |
| 822 | } |
| 823 | mEvaluateAttempts++; |
| 824 | |
| 825 | transitionTo(mProbingState); |
| 826 | return HANDLED; |
| 827 | case CMD_FORCE_REEVALUATION: |
| 828 | // Before IGNORE_REEVALUATE_ATTEMPTS attempts are made, |
| 829 | // ignore any re-evaluation requests. After, restart the |
| 830 | // evaluation process via EvaluatingState#enter. |
| 831 | return (mEvaluateAttempts < IGNORE_REEVALUATE_ATTEMPTS) ? HANDLED : NOT_HANDLED; |
| 832 | default: |
| 833 | return NOT_HANDLED; |
| 834 | } |
| 835 | } |
| 836 | |
| 837 | @Override |
| 838 | public void exit() { |
| 839 | TrafficStats.clearThreadStatsUid(); |
| 840 | } |
| 841 | } |
| 842 | |
| 843 | // BroadcastReceiver that waits for a particular Intent and then posts a message. |
| 844 | private class CustomIntentReceiver extends BroadcastReceiver { |
| 845 | private final int mToken; |
| 846 | private final int mWhat; |
| 847 | private final String mAction; |
| 848 | CustomIntentReceiver(String action, int token, int what) { |
| 849 | mToken = token; |
| 850 | mWhat = what; |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 851 | mAction = action + "_" + mNetwork.getNetworkHandle() + "_" + token; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 852 | mContext.registerReceiver(this, new IntentFilter(mAction)); |
| 853 | } |
| 854 | public PendingIntent getPendingIntent() { |
| 855 | final Intent intent = new Intent(mAction); |
| 856 | intent.setPackage(mContext.getPackageName()); |
| 857 | return PendingIntent.getBroadcast(mContext, 0, intent, 0); |
| 858 | } |
| 859 | @Override |
| 860 | public void onReceive(Context context, Intent intent) { |
| 861 | if (intent.getAction().equals(mAction)) sendMessage(obtainMessage(mWhat, mToken)); |
| 862 | } |
| 863 | } |
| 864 | |
| 865 | // Being in the CaptivePortalState State indicates a captive portal was detected and the user |
| 866 | // has been shown a notification to sign-in. |
| 867 | private class CaptivePortalState extends State { |
| 868 | private static final String ACTION_LAUNCH_CAPTIVE_PORTAL_APP = |
| 869 | "android.net.netmon.launchCaptivePortalApp"; |
| 870 | |
| 871 | @Override |
| 872 | public void enter() { |
| 873 | maybeLogEvaluationResult( |
| 874 | networkEventType(validationStage(), EvaluationResult.CAPTIVE_PORTAL)); |
| 875 | // Don't annoy user with sign-in notifications. |
| 876 | if (mDontDisplaySigninNotification) return; |
| 877 | // Create a CustomIntentReceiver that sends us a |
| 878 | // CMD_LAUNCH_CAPTIVE_PORTAL_APP message when the user |
| 879 | // touches the notification. |
| 880 | if (mLaunchCaptivePortalAppBroadcastReceiver == null) { |
| 881 | // Wait for result. |
| 882 | mLaunchCaptivePortalAppBroadcastReceiver = new CustomIntentReceiver( |
| 883 | ACTION_LAUNCH_CAPTIVE_PORTAL_APP, new Random().nextInt(), |
| 884 | CMD_LAUNCH_CAPTIVE_PORTAL_APP); |
| 885 | } |
| 886 | // Display the sign in notification. |
| 887 | showProvisioningNotification(mLaunchCaptivePortalAppBroadcastReceiver.mAction); |
| 888 | // Retest for captive portal occasionally. |
| 889 | sendMessageDelayed(CMD_CAPTIVE_PORTAL_RECHECK, 0 /* no UID */, |
| 890 | CAPTIVE_PORTAL_REEVALUATE_DELAY_MS); |
| 891 | mValidations++; |
| 892 | } |
| 893 | |
| 894 | @Override |
| 895 | public void exit() { |
| 896 | removeMessages(CMD_CAPTIVE_PORTAL_RECHECK); |
| 897 | } |
| 898 | } |
| 899 | |
| 900 | private class EvaluatingPrivateDnsState extends State { |
| 901 | private int mPrivateDnsReevalDelayMs; |
| 902 | private PrivateDnsConfig mPrivateDnsConfig; |
| 903 | |
| 904 | @Override |
| 905 | public void enter() { |
| 906 | mPrivateDnsReevalDelayMs = INITIAL_REEVALUATE_DELAY_MS; |
| 907 | mPrivateDnsConfig = null; |
| 908 | sendMessage(CMD_EVALUATE_PRIVATE_DNS); |
| 909 | } |
| 910 | |
| 911 | @Override |
| 912 | public boolean processMessage(Message msg) { |
| 913 | switch (msg.what) { |
| 914 | case CMD_EVALUATE_PRIVATE_DNS: |
| 915 | if (inStrictMode()) { |
| 916 | if (!isStrictModeHostnameResolved()) { |
| 917 | resolveStrictModeHostname(); |
| 918 | |
| 919 | if (isStrictModeHostnameResolved()) { |
| 920 | notifyPrivateDnsConfigResolved(); |
| 921 | } else { |
| 922 | handlePrivateDnsEvaluationFailure(); |
| 923 | break; |
| 924 | } |
| 925 | } |
| 926 | |
| 927 | // Look up a one-time hostname, to bypass caching. |
| 928 | // |
| 929 | // Note that this will race with ConnectivityService |
| 930 | // code programming the DNS-over-TLS server IP addresses |
| 931 | // into netd (if invoked, above). If netd doesn't know |
| 932 | // the IP addresses yet, or if the connections to the IP |
| 933 | // addresses haven't yet been validated, netd will block |
| 934 | // for up to a few seconds before failing the lookup. |
| 935 | if (!sendPrivateDnsProbe()) { |
| 936 | handlePrivateDnsEvaluationFailure(); |
| 937 | break; |
| 938 | } |
| 939 | } |
| 940 | |
| 941 | // All good! |
| 942 | transitionTo(mValidatedState); |
| 943 | break; |
| 944 | default: |
| 945 | return NOT_HANDLED; |
| 946 | } |
| 947 | return HANDLED; |
| 948 | } |
| 949 | |
| 950 | private boolean inStrictMode() { |
| 951 | return !TextUtils.isEmpty(mPrivateDnsProviderHostname); |
| 952 | } |
| 953 | |
| 954 | private boolean isStrictModeHostnameResolved() { |
| 955 | return (mPrivateDnsConfig != null) |
| 956 | && mPrivateDnsConfig.hostname.equals(mPrivateDnsProviderHostname) |
| 957 | && (mPrivateDnsConfig.ips.length > 0); |
| 958 | } |
| 959 | |
| 960 | private void resolveStrictModeHostname() { |
| 961 | try { |
| 962 | // Do a blocking DNS resolution using the network-assigned nameservers. |
| 963 | final InetAddress[] ips = mNetwork.getAllByName(mPrivateDnsProviderHostname); |
| 964 | mPrivateDnsConfig = new PrivateDnsConfig(mPrivateDnsProviderHostname, ips); |
| 965 | validationLog("Strict mode hostname resolved: " + mPrivateDnsConfig); |
| 966 | } catch (UnknownHostException uhe) { |
| 967 | mPrivateDnsConfig = null; |
| 968 | validationLog("Strict mode hostname resolution failed: " + uhe.getMessage()); |
| 969 | } |
| 970 | } |
| 971 | |
| 972 | private void notifyPrivateDnsConfigResolved() { |
| 973 | try { |
| 974 | mCallback.notifyPrivateDnsConfigResolved(mPrivateDnsConfig.toParcel()); |
| 975 | } catch (RemoteException e) { |
| 976 | Log.e(TAG, "Error sending private DNS config resolved notification", e); |
| 977 | } |
| 978 | } |
| 979 | |
| 980 | private void handlePrivateDnsEvaluationFailure() { |
| 981 | notifyNetworkTested(NETWORK_TEST_RESULT_INVALID, null); |
| 982 | |
| 983 | // Queue up a re-evaluation with backoff. |
| 984 | // |
| 985 | // TODO: Consider abandoning this state after a few attempts and |
| 986 | // transitioning back to EvaluatingState, to perhaps give ourselves |
| 987 | // the opportunity to (re)detect a captive portal or something. |
| 988 | sendMessageDelayed(CMD_EVALUATE_PRIVATE_DNS, mPrivateDnsReevalDelayMs); |
| 989 | mPrivateDnsReevalDelayMs *= 2; |
| 990 | if (mPrivateDnsReevalDelayMs > MAX_REEVALUATE_DELAY_MS) { |
| 991 | mPrivateDnsReevalDelayMs = MAX_REEVALUATE_DELAY_MS; |
| 992 | } |
| 993 | } |
| 994 | |
| 995 | private boolean sendPrivateDnsProbe() { |
| 996 | // q.v. system/netd/server/dns/DnsTlsTransport.cpp |
| 997 | final String oneTimeHostnameSuffix = "-dnsotls-ds.metric.gstatic.com"; |
| 998 | final String host = UUID.randomUUID().toString().substring(0, 8) |
| 999 | + oneTimeHostnameSuffix; |
| 1000 | final Stopwatch watch = new Stopwatch().start(); |
| 1001 | try { |
| 1002 | final InetAddress[] ips = mNonPrivateDnsBypassNetwork.getAllByName(host); |
| 1003 | final long time = watch.stop(); |
| 1004 | final String strIps = Arrays.toString(ips); |
| 1005 | final boolean success = (ips != null && ips.length > 0); |
| 1006 | validationLog(PROBE_PRIVDNS, host, String.format("%dms: %s", time, strIps)); |
| 1007 | logValidationProbe(time, PROBE_PRIVDNS, success ? DNS_SUCCESS : DNS_FAILURE); |
| 1008 | return success; |
| 1009 | } catch (UnknownHostException uhe) { |
| 1010 | final long time = watch.stop(); |
| 1011 | validationLog(PROBE_PRIVDNS, host, |
| 1012 | String.format("%dms - Error: %s", time, uhe.getMessage())); |
| 1013 | logValidationProbe(time, PROBE_PRIVDNS, DNS_FAILURE); |
| 1014 | } |
| 1015 | return false; |
| 1016 | } |
| 1017 | } |
| 1018 | |
| 1019 | private class ProbingState extends State { |
| 1020 | private Thread mThread; |
| 1021 | |
| 1022 | @Override |
| 1023 | public void enter() { |
| 1024 | if (mEvaluateAttempts >= BLAME_FOR_EVALUATION_ATTEMPTS) { |
| 1025 | //Don't continue to blame UID forever. |
| 1026 | TrafficStats.clearThreadStatsUid(); |
| 1027 | } |
| 1028 | |
| 1029 | final int token = ++mProbeToken; |
| 1030 | mThread = new Thread(() -> sendMessage(obtainMessage(CMD_PROBE_COMPLETE, token, 0, |
| 1031 | isCaptivePortal()))); |
| 1032 | mThread.start(); |
| 1033 | } |
| 1034 | |
| 1035 | @Override |
| 1036 | public boolean processMessage(Message message) { |
| 1037 | switch (message.what) { |
| 1038 | case CMD_PROBE_COMPLETE: |
| 1039 | // Ensure that CMD_PROBE_COMPLETE from stale threads are ignored. |
| 1040 | if (message.arg1 != mProbeToken) { |
| 1041 | return HANDLED; |
| 1042 | } |
| 1043 | |
| 1044 | final CaptivePortalProbeResult probeResult = |
| 1045 | (CaptivePortalProbeResult) message.obj; |
| 1046 | mLastProbeTime = SystemClock.elapsedRealtime(); |
Chiachang Wang | 8b5f84a | 2019-02-22 11:13:07 +0800 | [diff] [blame^] | 1047 | |
| 1048 | if (mCollectDataStallMetrics) { |
| 1049 | writeDataStallStats(probeResult); |
| 1050 | } |
| 1051 | |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1052 | if (probeResult.isSuccessful()) { |
| 1053 | // Transit EvaluatingPrivateDnsState to get to Validated |
| 1054 | // state (even if no Private DNS validation required). |
| 1055 | transitionTo(mEvaluatingPrivateDnsState); |
| 1056 | } else if (probeResult.isPortal()) { |
| 1057 | notifyNetworkTested(NETWORK_TEST_RESULT_INVALID, probeResult.redirectUrl); |
| 1058 | mLastPortalProbeResult = probeResult; |
| 1059 | transitionTo(mCaptivePortalState); |
| 1060 | } else { |
| 1061 | logNetworkEvent(NetworkEvent.NETWORK_VALIDATION_FAILED); |
| 1062 | notifyNetworkTested(NETWORK_TEST_RESULT_INVALID, probeResult.redirectUrl); |
| 1063 | transitionTo(mWaitingForNextProbeState); |
| 1064 | } |
| 1065 | return HANDLED; |
| 1066 | case EVENT_DNS_NOTIFICATION: |
| 1067 | // Leave the event to DefaultState to record correct dns timestamp. |
| 1068 | return NOT_HANDLED; |
| 1069 | default: |
| 1070 | // Wait for probe result and defer events to next state by default. |
| 1071 | deferMessage(message); |
| 1072 | return HANDLED; |
| 1073 | } |
| 1074 | } |
| 1075 | |
| 1076 | @Override |
| 1077 | public void exit() { |
| 1078 | if (mThread.isAlive()) { |
| 1079 | mThread.interrupt(); |
| 1080 | } |
| 1081 | mThread = null; |
| 1082 | } |
| 1083 | } |
| 1084 | |
| 1085 | // Being in the WaitingForNextProbeState indicates that evaluating probes failed and state is |
| 1086 | // transited from ProbingState. This ensures that the state machine is only in ProbingState |
| 1087 | // while a probe is in progress, not while waiting to perform the next probe. That allows |
| 1088 | // ProbingState to defer most messages until the probe is complete, which keeps the code simple |
| 1089 | // and matches the pre-Q behaviour where probes were a blocking operation performed on the state |
| 1090 | // machine thread. |
| 1091 | private class WaitingForNextProbeState extends State { |
| 1092 | @Override |
| 1093 | public void enter() { |
| 1094 | scheduleNextProbe(); |
| 1095 | } |
| 1096 | |
| 1097 | private void scheduleNextProbe() { |
| 1098 | final Message msg = obtainMessage(CMD_REEVALUATE, ++mReevaluateToken, 0); |
| 1099 | sendMessageDelayed(msg, mReevaluateDelayMs); |
| 1100 | mReevaluateDelayMs *= 2; |
| 1101 | if (mReevaluateDelayMs > MAX_REEVALUATE_DELAY_MS) { |
| 1102 | mReevaluateDelayMs = MAX_REEVALUATE_DELAY_MS; |
| 1103 | } |
| 1104 | } |
| 1105 | |
| 1106 | @Override |
| 1107 | public boolean processMessage(Message message) { |
| 1108 | return NOT_HANDLED; |
| 1109 | } |
| 1110 | } |
| 1111 | |
| 1112 | // Limits the list of IP addresses returned by getAllByName or tried by openConnection to at |
| 1113 | // most one per address family. This ensures we only wait up to 20 seconds for TCP connections |
| 1114 | // to complete, regardless of how many IP addresses a host has. |
| 1115 | private static class OneAddressPerFamilyNetwork extends Network { |
| 1116 | OneAddressPerFamilyNetwork(Network network) { |
| 1117 | // Always bypass Private DNS. |
| 1118 | super(network.getPrivateDnsBypassingCopy()); |
| 1119 | } |
| 1120 | |
| 1121 | @Override |
| 1122 | public InetAddress[] getAllByName(String host) throws UnknownHostException { |
| 1123 | final List<InetAddress> addrs = Arrays.asList(super.getAllByName(host)); |
| 1124 | |
| 1125 | // Ensure the address family of the first address is tried first. |
| 1126 | LinkedHashMap<Class, InetAddress> addressByFamily = new LinkedHashMap<>(); |
| 1127 | addressByFamily.put(addrs.get(0).getClass(), addrs.get(0)); |
| 1128 | Collections.shuffle(addrs); |
| 1129 | |
| 1130 | for (InetAddress addr : addrs) { |
| 1131 | addressByFamily.put(addr.getClass(), addr); |
| 1132 | } |
| 1133 | |
| 1134 | return addressByFamily.values().toArray(new InetAddress[addressByFamily.size()]); |
| 1135 | } |
| 1136 | } |
| 1137 | |
| 1138 | private boolean getIsCaptivePortalCheckEnabled() { |
| 1139 | String symbol = Settings.Global.CAPTIVE_PORTAL_MODE; |
| 1140 | int defaultValue = Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT; |
| 1141 | int mode = mDependencies.getSetting(mContext, symbol, defaultValue); |
| 1142 | return mode != Settings.Global.CAPTIVE_PORTAL_MODE_IGNORE; |
| 1143 | } |
| 1144 | |
| 1145 | private boolean getUseHttpsValidation() { |
| 1146 | return mDependencies.getSetting(mContext, Settings.Global.CAPTIVE_PORTAL_USE_HTTPS, 1) == 1; |
| 1147 | } |
| 1148 | |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1149 | private String getCaptivePortalServerHttpsUrl() { |
| 1150 | return mDependencies.getSetting(mContext, |
| 1151 | Settings.Global.CAPTIVE_PORTAL_HTTPS_URL, DEFAULT_HTTPS_URL); |
| 1152 | } |
| 1153 | |
| 1154 | private int getConsecutiveDnsTimeoutThreshold() { |
| 1155 | return mDependencies.getSetting(mContext, |
| 1156 | Settings.Global.DATA_STALL_CONSECUTIVE_DNS_TIMEOUT_THRESHOLD, |
| 1157 | DEFAULT_CONSECUTIVE_DNS_TIMEOUT_THRESHOLD); |
| 1158 | } |
| 1159 | |
| 1160 | private int getDataStallMinEvaluateTime() { |
| 1161 | return mDependencies.getSetting(mContext, |
| 1162 | Settings.Global.DATA_STALL_MIN_EVALUATE_INTERVAL, |
| 1163 | DEFAULT_DATA_STALL_MIN_EVALUATE_TIME_MS); |
| 1164 | } |
| 1165 | |
| 1166 | private int getDataStallValidDnsTimeThreshold() { |
| 1167 | return mDependencies.getSetting(mContext, |
| 1168 | Settings.Global.DATA_STALL_VALID_DNS_TIME_THRESHOLD, |
| 1169 | DEFAULT_DATA_STALL_VALID_DNS_TIME_THRESHOLD_MS); |
| 1170 | } |
| 1171 | |
| 1172 | private int getDataStallEvalutionType() { |
| 1173 | return mDependencies.getSetting(mContext, Settings.Global.DATA_STALL_EVALUATION_TYPE, |
| 1174 | DEFAULT_DATA_STALL_EVALUATION_TYPES); |
| 1175 | } |
| 1176 | |
| 1177 | private URL[] makeCaptivePortalFallbackUrls() { |
| 1178 | try { |
| 1179 | String separator = ","; |
| 1180 | String firstUrl = mDependencies.getSetting(mContext, |
| 1181 | Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL, DEFAULT_FALLBACK_URL); |
| 1182 | String joinedUrls = firstUrl + separator + mDependencies.getSetting(mContext, |
| 1183 | Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS, |
| 1184 | DEFAULT_OTHER_FALLBACK_URLS); |
| 1185 | List<URL> urls = new ArrayList<>(); |
| 1186 | for (String s : joinedUrls.split(separator)) { |
| 1187 | URL u = makeURL(s); |
| 1188 | if (u == null) { |
| 1189 | continue; |
| 1190 | } |
| 1191 | urls.add(u); |
| 1192 | } |
| 1193 | if (urls.isEmpty()) { |
| 1194 | Log.e(TAG, String.format("could not create any url from %s", joinedUrls)); |
| 1195 | } |
| 1196 | return urls.toArray(new URL[urls.size()]); |
| 1197 | } catch (Exception e) { |
| 1198 | // Don't let a misconfiguration bootloop the system. |
| 1199 | Log.e(TAG, "Error parsing configured fallback URLs", e); |
| 1200 | return new URL[0]; |
| 1201 | } |
| 1202 | } |
| 1203 | |
| 1204 | private CaptivePortalProbeSpec[] makeCaptivePortalFallbackProbeSpecs() { |
| 1205 | try { |
| 1206 | final String settingsValue = mDependencies.getSetting( |
| 1207 | mContext, Settings.Global.CAPTIVE_PORTAL_FALLBACK_PROBE_SPECS, null); |
| 1208 | // Probe specs only used if configured in settings |
| 1209 | if (TextUtils.isEmpty(settingsValue)) { |
| 1210 | return null; |
| 1211 | } |
| 1212 | |
Remi NGUYEN VAN | 777022e | 2019-01-28 13:28:35 +0900 | [diff] [blame] | 1213 | final Collection<CaptivePortalProbeSpec> specs = |
| 1214 | CaptivePortalProbeSpec.parseCaptivePortalProbeSpecs(settingsValue); |
| 1215 | final CaptivePortalProbeSpec[] specsArray = new CaptivePortalProbeSpec[specs.size()]; |
| 1216 | return specs.toArray(specsArray); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1217 | } catch (Exception e) { |
| 1218 | // Don't let a misconfiguration bootloop the system. |
| 1219 | Log.e(TAG, "Error parsing configured fallback probe specs", e); |
| 1220 | return null; |
| 1221 | } |
| 1222 | } |
| 1223 | |
| 1224 | private String getCaptivePortalUserAgent() { |
| 1225 | return mDependencies.getSetting(mContext, |
| 1226 | Settings.Global.CAPTIVE_PORTAL_USER_AGENT, DEFAULT_USER_AGENT); |
| 1227 | } |
| 1228 | |
| 1229 | private URL nextFallbackUrl() { |
| 1230 | if (mCaptivePortalFallbackUrls.length == 0) { |
| 1231 | return null; |
| 1232 | } |
| 1233 | int idx = Math.abs(mNextFallbackUrlIndex) % mCaptivePortalFallbackUrls.length; |
| 1234 | mNextFallbackUrlIndex += mRandom.nextInt(); // randomly change url without memory. |
| 1235 | return mCaptivePortalFallbackUrls[idx]; |
| 1236 | } |
| 1237 | |
| 1238 | private CaptivePortalProbeSpec nextFallbackSpec() { |
Remi NGUYEN VAN | abeaaf7 | 2019-01-20 13:48:19 +0900 | [diff] [blame] | 1239 | if (isEmpty(mCaptivePortalFallbackSpecs)) { |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1240 | return null; |
| 1241 | } |
| 1242 | // Randomly change spec without memory. Also randomize the first attempt. |
| 1243 | final int idx = Math.abs(mRandom.nextInt()) % mCaptivePortalFallbackSpecs.length; |
| 1244 | return mCaptivePortalFallbackSpecs[idx]; |
| 1245 | } |
| 1246 | |
| 1247 | @VisibleForTesting |
| 1248 | protected CaptivePortalProbeResult isCaptivePortal() { |
| 1249 | if (!mIsCaptivePortalCheckEnabled) { |
| 1250 | validationLog("Validation disabled."); |
| 1251 | return CaptivePortalProbeResult.SUCCESS; |
| 1252 | } |
| 1253 | |
| 1254 | URL pacUrl = null; |
| 1255 | URL httpsUrl = mCaptivePortalHttpsUrl; |
| 1256 | URL httpUrl = mCaptivePortalHttpUrl; |
| 1257 | |
| 1258 | // On networks with a PAC instead of fetching a URL that should result in a 204 |
| 1259 | // response, we instead simply fetch the PAC script. This is done for a few reasons: |
| 1260 | // 1. At present our PAC code does not yet handle multiple PACs on multiple networks |
| 1261 | // until something like https://android-review.googlesource.com/#/c/115180/ lands. |
| 1262 | // Network.openConnection() will ignore network-specific PACs and instead fetch |
| 1263 | // using NO_PROXY. If a PAC is in place, the only fetch we know will succeed with |
| 1264 | // NO_PROXY is the fetch of the PAC itself. |
| 1265 | // 2. To proxy the generate_204 fetch through a PAC would require a number of things |
| 1266 | // happen before the fetch can commence, namely: |
| 1267 | // a) the PAC script be fetched |
| 1268 | // b) a PAC script resolver service be fired up and resolve the captive portal |
| 1269 | // server. |
| 1270 | // Network validation could be delayed until these prerequisities are satisifed or |
| 1271 | // could simply be left to race them. Neither is an optimal solution. |
| 1272 | // 3. PAC scripts are sometimes used to block or restrict Internet access and may in |
| 1273 | // fact block fetching of the generate_204 URL which would lead to false negative |
| 1274 | // results for network validation. |
| 1275 | final ProxyInfo proxyInfo = mLinkProperties.getHttpProxy(); |
| 1276 | if (proxyInfo != null && !Uri.EMPTY.equals(proxyInfo.getPacFileUrl())) { |
| 1277 | pacUrl = makeURL(proxyInfo.getPacFileUrl().toString()); |
| 1278 | if (pacUrl == null) { |
| 1279 | return CaptivePortalProbeResult.FAILED; |
| 1280 | } |
| 1281 | } |
| 1282 | |
| 1283 | if ((pacUrl == null) && (httpUrl == null || httpsUrl == null)) { |
| 1284 | return CaptivePortalProbeResult.FAILED; |
| 1285 | } |
| 1286 | |
| 1287 | long startTime = SystemClock.elapsedRealtime(); |
| 1288 | |
| 1289 | final CaptivePortalProbeResult result; |
| 1290 | if (pacUrl != null) { |
| 1291 | result = sendDnsAndHttpProbes(null, pacUrl, ValidationProbeEvent.PROBE_PAC); |
| 1292 | } else if (mUseHttps) { |
| 1293 | result = sendParallelHttpProbes(proxyInfo, httpsUrl, httpUrl); |
| 1294 | } else { |
| 1295 | result = sendDnsAndHttpProbes(proxyInfo, httpUrl, ValidationProbeEvent.PROBE_HTTP); |
| 1296 | } |
| 1297 | |
| 1298 | long endTime = SystemClock.elapsedRealtime(); |
| 1299 | |
| 1300 | sendNetworkConditionsBroadcast(true /* response received */, |
| 1301 | result.isPortal() /* isCaptivePortal */, |
| 1302 | startTime, endTime); |
| 1303 | |
| 1304 | log("isCaptivePortal: isSuccessful()=" + result.isSuccessful() |
| 1305 | + " isPortal()=" + result.isPortal() |
| 1306 | + " RedirectUrl=" + result.redirectUrl |
| 1307 | + " Time=" + (endTime - startTime) + "ms"); |
| 1308 | |
| 1309 | return result; |
| 1310 | } |
| 1311 | |
| 1312 | /** |
| 1313 | * Do a DNS resolution and URL fetch on a known web server to see if we get the data we expect. |
| 1314 | * @return a CaptivePortalProbeResult inferred from the HTTP response. |
| 1315 | */ |
| 1316 | private CaptivePortalProbeResult sendDnsAndHttpProbes(ProxyInfo proxy, URL url, int probeType) { |
| 1317 | // Pre-resolve the captive portal server host so we can log it. |
| 1318 | // Only do this if HttpURLConnection is about to, to avoid any potentially |
| 1319 | // unnecessary resolution. |
| 1320 | final String host = (proxy != null) ? proxy.getHost() : url.getHost(); |
| 1321 | sendDnsProbe(host); |
| 1322 | return sendHttpProbe(url, probeType, null); |
| 1323 | } |
| 1324 | |
| 1325 | /** Do a DNS resolution of the given server. */ |
| 1326 | private void sendDnsProbe(String host) { |
| 1327 | if (TextUtils.isEmpty(host)) { |
| 1328 | return; |
| 1329 | } |
| 1330 | |
| 1331 | final String name = ValidationProbeEvent.getProbeName(ValidationProbeEvent.PROBE_DNS); |
| 1332 | final Stopwatch watch = new Stopwatch().start(); |
| 1333 | int result; |
| 1334 | String connectInfo; |
| 1335 | try { |
| 1336 | InetAddress[] addresses = mNetwork.getAllByName(host); |
| 1337 | StringBuffer buffer = new StringBuffer(); |
| 1338 | for (InetAddress address : addresses) { |
| 1339 | buffer.append(',').append(address.getHostAddress()); |
| 1340 | } |
| 1341 | result = ValidationProbeEvent.DNS_SUCCESS; |
| 1342 | connectInfo = "OK " + buffer.substring(1); |
| 1343 | } catch (UnknownHostException e) { |
| 1344 | result = ValidationProbeEvent.DNS_FAILURE; |
| 1345 | connectInfo = "FAIL"; |
| 1346 | } |
| 1347 | final long latency = watch.stop(); |
| 1348 | validationLog(ValidationProbeEvent.PROBE_DNS, host, |
| 1349 | String.format("%dms %s", latency, connectInfo)); |
| 1350 | logValidationProbe(latency, ValidationProbeEvent.PROBE_DNS, result); |
| 1351 | } |
| 1352 | |
| 1353 | /** |
| 1354 | * Do a URL fetch on a known web server to see if we get the data we expect. |
| 1355 | * @return a CaptivePortalProbeResult inferred from the HTTP response. |
| 1356 | */ |
| 1357 | @VisibleForTesting |
| 1358 | protected CaptivePortalProbeResult sendHttpProbe(URL url, int probeType, |
| 1359 | @Nullable CaptivePortalProbeSpec probeSpec) { |
| 1360 | HttpURLConnection urlConnection = null; |
| 1361 | int httpResponseCode = CaptivePortalProbeResult.FAILED_CODE; |
| 1362 | String redirectUrl = null; |
| 1363 | final Stopwatch probeTimer = new Stopwatch().start(); |
| 1364 | final int oldTag = TrafficStats.getAndSetThreadStatsTag(TrafficStats.TAG_SYSTEM_PROBE); |
| 1365 | try { |
| 1366 | urlConnection = (HttpURLConnection) mNetwork.openConnection(url); |
| 1367 | urlConnection.setInstanceFollowRedirects(probeType == ValidationProbeEvent.PROBE_PAC); |
| 1368 | urlConnection.setConnectTimeout(SOCKET_TIMEOUT_MS); |
| 1369 | urlConnection.setReadTimeout(SOCKET_TIMEOUT_MS); |
Hongshik | fc092a8 | 2019-01-12 03:09:34 +0900 | [diff] [blame] | 1370 | urlConnection.setRequestProperty("Connection", "close"); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1371 | urlConnection.setUseCaches(false); |
| 1372 | if (mCaptivePortalUserAgent != null) { |
| 1373 | urlConnection.setRequestProperty("User-Agent", mCaptivePortalUserAgent); |
| 1374 | } |
| 1375 | // cannot read request header after connection |
| 1376 | String requestHeader = urlConnection.getRequestProperties().toString(); |
| 1377 | |
| 1378 | // Time how long it takes to get a response to our request |
| 1379 | long requestTimestamp = SystemClock.elapsedRealtime(); |
| 1380 | |
| 1381 | httpResponseCode = urlConnection.getResponseCode(); |
| 1382 | redirectUrl = urlConnection.getHeaderField("location"); |
| 1383 | |
| 1384 | // Time how long it takes to get a response to our request |
| 1385 | long responseTimestamp = SystemClock.elapsedRealtime(); |
| 1386 | |
| 1387 | validationLog(probeType, url, "time=" + (responseTimestamp - requestTimestamp) + "ms" |
| 1388 | + " ret=" + httpResponseCode |
| 1389 | + " request=" + requestHeader |
| 1390 | + " headers=" + urlConnection.getHeaderFields()); |
| 1391 | // NOTE: We may want to consider an "HTTP/1.0 204" response to be a captive |
| 1392 | // portal. The only example of this seen so far was a captive portal. For |
| 1393 | // the time being go with prior behavior of assuming it's not a captive |
| 1394 | // portal. If it is considered a captive portal, a different sign-in URL |
| 1395 | // is needed (i.e. can't browse a 204). This could be the result of an HTTP |
| 1396 | // proxy server. |
| 1397 | if (httpResponseCode == 200) { |
| 1398 | if (probeType == ValidationProbeEvent.PROBE_PAC) { |
| 1399 | validationLog( |
| 1400 | probeType, url, "PAC fetch 200 response interpreted as 204 response."); |
| 1401 | httpResponseCode = CaptivePortalProbeResult.SUCCESS_CODE; |
| 1402 | } else if (urlConnection.getContentLengthLong() == 0) { |
| 1403 | // Consider 200 response with "Content-length=0" to not be a captive portal. |
| 1404 | // There's no point in considering this a captive portal as the user cannot |
| 1405 | // sign-in to an empty page. Probably the result of a broken transparent proxy. |
| 1406 | // See http://b/9972012. |
| 1407 | validationLog(probeType, url, |
| 1408 | "200 response with Content-length=0 interpreted as 204 response."); |
| 1409 | httpResponseCode = CaptivePortalProbeResult.SUCCESS_CODE; |
| 1410 | } else if (urlConnection.getContentLengthLong() == -1) { |
| 1411 | // When no Content-length (default value == -1), attempt to read a byte from the |
| 1412 | // response. Do not use available() as it is unreliable. See http://b/33498325. |
| 1413 | if (urlConnection.getInputStream().read() == -1) { |
| 1414 | validationLog( |
| 1415 | probeType, url, "Empty 200 response interpreted as 204 response."); |
| 1416 | httpResponseCode = CaptivePortalProbeResult.SUCCESS_CODE; |
| 1417 | } |
| 1418 | } |
| 1419 | } |
| 1420 | } catch (IOException e) { |
| 1421 | validationLog(probeType, url, "Probe failed with exception " + e); |
| 1422 | if (httpResponseCode == CaptivePortalProbeResult.FAILED_CODE) { |
| 1423 | // TODO: Ping gateway and DNS server and log results. |
| 1424 | } |
| 1425 | } finally { |
| 1426 | if (urlConnection != null) { |
| 1427 | urlConnection.disconnect(); |
| 1428 | } |
| 1429 | TrafficStats.setThreadStatsTag(oldTag); |
| 1430 | } |
| 1431 | logValidationProbe(probeTimer.stop(), probeType, httpResponseCode); |
| 1432 | |
| 1433 | if (probeSpec == null) { |
| 1434 | return new CaptivePortalProbeResult(httpResponseCode, redirectUrl, url.toString()); |
| 1435 | } else { |
| 1436 | return probeSpec.getResult(httpResponseCode, redirectUrl); |
| 1437 | } |
| 1438 | } |
| 1439 | |
| 1440 | private CaptivePortalProbeResult sendParallelHttpProbes( |
| 1441 | ProxyInfo proxy, URL httpsUrl, URL httpUrl) { |
| 1442 | // Number of probes to wait for. If a probe completes with a conclusive answer |
| 1443 | // it shortcuts the latch immediately by forcing the count to 0. |
| 1444 | final CountDownLatch latch = new CountDownLatch(2); |
| 1445 | |
| 1446 | final class ProbeThread extends Thread { |
| 1447 | private final boolean mIsHttps; |
| 1448 | private volatile CaptivePortalProbeResult mResult = CaptivePortalProbeResult.FAILED; |
| 1449 | |
| 1450 | ProbeThread(boolean isHttps) { |
| 1451 | mIsHttps = isHttps; |
| 1452 | } |
| 1453 | |
| 1454 | public CaptivePortalProbeResult result() { |
| 1455 | return mResult; |
| 1456 | } |
| 1457 | |
| 1458 | @Override |
| 1459 | public void run() { |
| 1460 | if (mIsHttps) { |
| 1461 | mResult = |
| 1462 | sendDnsAndHttpProbes(proxy, httpsUrl, ValidationProbeEvent.PROBE_HTTPS); |
| 1463 | } else { |
| 1464 | mResult = sendDnsAndHttpProbes(proxy, httpUrl, ValidationProbeEvent.PROBE_HTTP); |
| 1465 | } |
| 1466 | if ((mIsHttps && mResult.isSuccessful()) || (!mIsHttps && mResult.isPortal())) { |
| 1467 | // Stop waiting immediately if https succeeds or if http finds a portal. |
| 1468 | while (latch.getCount() > 0) { |
| 1469 | latch.countDown(); |
| 1470 | } |
| 1471 | } |
| 1472 | // Signal this probe has completed. |
| 1473 | latch.countDown(); |
| 1474 | } |
| 1475 | } |
| 1476 | |
| 1477 | final ProbeThread httpsProbe = new ProbeThread(true); |
| 1478 | final ProbeThread httpProbe = new ProbeThread(false); |
| 1479 | |
| 1480 | try { |
| 1481 | httpsProbe.start(); |
| 1482 | httpProbe.start(); |
| 1483 | latch.await(PROBE_TIMEOUT_MS, TimeUnit.MILLISECONDS); |
| 1484 | } catch (InterruptedException e) { |
| 1485 | validationLog("Error: probes wait interrupted!"); |
| 1486 | return CaptivePortalProbeResult.FAILED; |
| 1487 | } |
| 1488 | |
| 1489 | final CaptivePortalProbeResult httpsResult = httpsProbe.result(); |
| 1490 | final CaptivePortalProbeResult httpResult = httpProbe.result(); |
| 1491 | |
| 1492 | // Look for a conclusive probe result first. |
| 1493 | if (httpResult.isPortal()) { |
| 1494 | return httpResult; |
| 1495 | } |
| 1496 | // httpsResult.isPortal() is not expected, but check it nonetheless. |
| 1497 | if (httpsResult.isPortal() || httpsResult.isSuccessful()) { |
| 1498 | return httpsResult; |
| 1499 | } |
| 1500 | // If a fallback method exists, use it to retry portal detection. |
| 1501 | // If we have new-style probe specs, use those. Otherwise, use the fallback URLs. |
| 1502 | final CaptivePortalProbeSpec probeSpec = nextFallbackSpec(); |
| 1503 | final URL fallbackUrl = (probeSpec != null) ? probeSpec.getUrl() : nextFallbackUrl(); |
| 1504 | if (fallbackUrl != null) { |
| 1505 | CaptivePortalProbeResult result = sendHttpProbe(fallbackUrl, PROBE_FALLBACK, probeSpec); |
| 1506 | if (result.isPortal()) { |
| 1507 | return result; |
| 1508 | } |
| 1509 | } |
| 1510 | // Otherwise wait until http and https probes completes and use their results. |
| 1511 | try { |
| 1512 | httpProbe.join(); |
| 1513 | if (httpProbe.result().isPortal()) { |
| 1514 | return httpProbe.result(); |
| 1515 | } |
| 1516 | httpsProbe.join(); |
| 1517 | return httpsProbe.result(); |
| 1518 | } catch (InterruptedException e) { |
| 1519 | validationLog("Error: http or https probe wait interrupted!"); |
| 1520 | return CaptivePortalProbeResult.FAILED; |
| 1521 | } |
| 1522 | } |
| 1523 | |
| 1524 | private URL makeURL(String url) { |
| 1525 | if (url != null) { |
| 1526 | try { |
| 1527 | return new URL(url); |
| 1528 | } catch (MalformedURLException e) { |
| 1529 | validationLog("Bad URL: " + url); |
| 1530 | } |
| 1531 | } |
| 1532 | return null; |
| 1533 | } |
| 1534 | |
| 1535 | /** |
| 1536 | * @param responseReceived - whether or not we received a valid HTTP response to our request. |
| 1537 | * If false, isCaptivePortal and responseTimestampMs are ignored |
| 1538 | * TODO: This should be moved to the transports. The latency could be passed to the transports |
| 1539 | * along with the captive portal result. Currently the TYPE_MOBILE broadcasts appear unused so |
| 1540 | * perhaps this could just be added to the WiFi transport only. |
| 1541 | */ |
| 1542 | private void sendNetworkConditionsBroadcast(boolean responseReceived, boolean isCaptivePortal, |
| 1543 | long requestTimestampMs, long responseTimestampMs) { |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1544 | if (!mSystemReady) { |
| 1545 | return; |
| 1546 | } |
| 1547 | |
| 1548 | Intent latencyBroadcast = |
| 1549 | new Intent(NetworkMonitorUtils.ACTION_NETWORK_CONDITIONS_MEASURED); |
| 1550 | if (mNetworkCapabilities.hasTransport(TRANSPORT_WIFI)) { |
Chiachang Wang | b04f81c | 2019-02-14 09:30:58 +0800 | [diff] [blame] | 1551 | if (!mWifiManager.isScanAlwaysAvailable()) { |
| 1552 | return; |
| 1553 | } |
| 1554 | |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1555 | WifiInfo currentWifiInfo = mWifiManager.getConnectionInfo(); |
| 1556 | if (currentWifiInfo != null) { |
| 1557 | // NOTE: getSSID()'s behavior changed in API 17; before that, SSIDs were not |
| 1558 | // surrounded by double quotation marks (thus violating the Javadoc), but this |
| 1559 | // was changed to match the Javadoc in API 17. Since clients may have started |
| 1560 | // sanitizing the output of this method since API 17 was released, we should |
| 1561 | // not change it here as it would become impossible to tell whether the SSID is |
| 1562 | // simply being surrounded by quotes due to the API, or whether those quotes |
| 1563 | // are actually part of the SSID. |
| 1564 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_SSID, |
| 1565 | currentWifiInfo.getSSID()); |
| 1566 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_BSSID, |
| 1567 | currentWifiInfo.getBSSID()); |
| 1568 | } else { |
| 1569 | if (VDBG) logw("network info is TYPE_WIFI but no ConnectionInfo found"); |
| 1570 | return; |
| 1571 | } |
| 1572 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_CONNECTIVITY_TYPE, TYPE_WIFI); |
| 1573 | } else if (mNetworkCapabilities.hasTransport(TRANSPORT_CELLULAR)) { |
Chiachang Wang | b04f81c | 2019-02-14 09:30:58 +0800 | [diff] [blame] | 1574 | // TODO(b/123893112): Support multi-sim. |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1575 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_NETWORK_TYPE, |
| 1576 | mTelephonyManager.getNetworkType()); |
Chiachang Wang | b04f81c | 2019-02-14 09:30:58 +0800 | [diff] [blame] | 1577 | final ServiceState dataSs = mTelephonyManager.getServiceState(); |
| 1578 | if (dataSs == null) { |
| 1579 | logw("failed to retrieve ServiceState"); |
| 1580 | return; |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1581 | } |
Chiachang Wang | b04f81c | 2019-02-14 09:30:58 +0800 | [diff] [blame] | 1582 | // See if the data sub is registered for PS services on cell. |
| 1583 | final NetworkRegistrationState nrs = dataSs.getNetworkRegistrationState( |
| 1584 | NetworkRegistrationState.DOMAIN_PS, |
| 1585 | AccessNetworkConstants.TransportType.WWAN); |
| 1586 | latencyBroadcast.putExtra( |
| 1587 | NetworkMonitorUtils.EXTRA_CELL_ID, |
| 1588 | nrs == null ? null : nrs.getCellIdentity()); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1589 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_CONNECTIVITY_TYPE, TYPE_MOBILE); |
| 1590 | } else { |
| 1591 | return; |
| 1592 | } |
| 1593 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_RESPONSE_RECEIVED, |
| 1594 | responseReceived); |
| 1595 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_REQUEST_TIMESTAMP_MS, |
| 1596 | requestTimestampMs); |
| 1597 | |
| 1598 | if (responseReceived) { |
| 1599 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_IS_CAPTIVE_PORTAL, |
| 1600 | isCaptivePortal); |
| 1601 | latencyBroadcast.putExtra(NetworkMonitorUtils.EXTRA_RESPONSE_TIMESTAMP_MS, |
| 1602 | responseTimestampMs); |
| 1603 | } |
| 1604 | mContext.sendBroadcastAsUser(latencyBroadcast, UserHandle.CURRENT, |
| 1605 | NetworkMonitorUtils.PERMISSION_ACCESS_NETWORK_CONDITIONS); |
| 1606 | } |
| 1607 | |
| 1608 | private void logNetworkEvent(int evtype) { |
| 1609 | int[] transports = mNetworkCapabilities.getTransportTypes(); |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 1610 | mMetricsLog.log(mNetwork, transports, new NetworkEvent(evtype)); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1611 | } |
| 1612 | |
| 1613 | private int networkEventType(ValidationStage s, EvaluationResult r) { |
| 1614 | if (s.mIsFirstValidation) { |
| 1615 | if (r.mIsValidated) { |
| 1616 | return NetworkEvent.NETWORK_FIRST_VALIDATION_SUCCESS; |
| 1617 | } else { |
| 1618 | return NetworkEvent.NETWORK_FIRST_VALIDATION_PORTAL_FOUND; |
| 1619 | } |
| 1620 | } else { |
| 1621 | if (r.mIsValidated) { |
| 1622 | return NetworkEvent.NETWORK_REVALIDATION_SUCCESS; |
| 1623 | } else { |
| 1624 | return NetworkEvent.NETWORK_REVALIDATION_PORTAL_FOUND; |
| 1625 | } |
| 1626 | } |
| 1627 | } |
| 1628 | |
| 1629 | private void maybeLogEvaluationResult(int evtype) { |
| 1630 | if (mEvaluationTimer.isRunning()) { |
| 1631 | int[] transports = mNetworkCapabilities.getTransportTypes(); |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 1632 | mMetricsLog.log(mNetwork, transports, |
| 1633 | new NetworkEvent(evtype, mEvaluationTimer.stop())); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1634 | mEvaluationTimer.reset(); |
| 1635 | } |
| 1636 | } |
| 1637 | |
| 1638 | private void logValidationProbe(long durationMs, int probeType, int probeResult) { |
| 1639 | int[] transports = mNetworkCapabilities.getTransportTypes(); |
| 1640 | boolean isFirstValidation = validationStage().mIsFirstValidation; |
Remi NGUYEN VAN | c148d8b | 2019-01-19 21:13:24 +0900 | [diff] [blame] | 1641 | ValidationProbeEvent ev = new ValidationProbeEvent.Builder() |
| 1642 | .setProbeType(probeType, isFirstValidation) |
| 1643 | .setReturnCode(probeResult) |
| 1644 | .setDurationMs(durationMs) |
| 1645 | .build(); |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 1646 | mMetricsLog.log(mNetwork, transports, ev); |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1647 | } |
| 1648 | |
| 1649 | @VisibleForTesting |
| 1650 | static class Dependencies { |
| 1651 | public Network getPrivateDnsBypassNetwork(Network network) { |
| 1652 | return new OneAddressPerFamilyNetwork(network); |
| 1653 | } |
| 1654 | |
| 1655 | public Random getRandom() { |
| 1656 | return new Random(); |
| 1657 | } |
| 1658 | |
| 1659 | /** |
| 1660 | * Get the captive portal server HTTP URL that is configured on the device. |
| 1661 | */ |
| 1662 | public String getCaptivePortalServerHttpUrl(Context context) { |
| 1663 | return NetworkMonitorUtils.getCaptivePortalServerHttpUrl(context); |
| 1664 | } |
| 1665 | |
| 1666 | /** |
| 1667 | * Get the value of a global integer setting. |
| 1668 | * @param symbol Name of the setting |
| 1669 | * @param defaultValue Value to return if the setting is not defined. |
| 1670 | */ |
| 1671 | public int getSetting(Context context, String symbol, int defaultValue) { |
| 1672 | return Settings.Global.getInt(context.getContentResolver(), symbol, defaultValue); |
| 1673 | } |
| 1674 | |
| 1675 | /** |
| 1676 | * Get the value of a global String setting. |
| 1677 | * @param symbol Name of the setting |
| 1678 | * @param defaultValue Value to return if the setting is not defined. |
| 1679 | */ |
| 1680 | public String getSetting(Context context, String symbol, String defaultValue) { |
| 1681 | final String value = Settings.Global.getString(context.getContentResolver(), symbol); |
| 1682 | return value != null ? value : defaultValue; |
| 1683 | } |
| 1684 | |
| 1685 | public static final Dependencies DEFAULT = new Dependencies(); |
| 1686 | } |
| 1687 | |
| 1688 | /** |
| 1689 | * Methods in this class perform no locking because all accesses are performed on the state |
| 1690 | * machine's thread. Need to consider the thread safety if it ever could be accessed outside the |
| 1691 | * state machine. |
| 1692 | */ |
| 1693 | @VisibleForTesting |
| 1694 | protected class DnsStallDetector { |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1695 | private int mConsecutiveTimeoutCount = 0; |
| 1696 | private int mSize; |
| 1697 | final DnsResult[] mDnsEvents; |
| 1698 | final RingBufferIndices mResultIndices; |
| 1699 | |
| 1700 | DnsStallDetector(int size) { |
| 1701 | mSize = Math.max(DEFAULT_DNS_LOG_SIZE, size); |
| 1702 | mDnsEvents = new DnsResult[mSize]; |
| 1703 | mResultIndices = new RingBufferIndices(mSize); |
| 1704 | } |
| 1705 | |
| 1706 | @VisibleForTesting |
| 1707 | protected void accumulateConsecutiveDnsTimeoutCount(int code) { |
| 1708 | final DnsResult result = new DnsResult(code); |
| 1709 | mDnsEvents[mResultIndices.add()] = result; |
| 1710 | if (result.isTimeout()) { |
| 1711 | mConsecutiveTimeoutCount++; |
| 1712 | } else { |
| 1713 | // Keep the event in mDnsEvents without clearing it so that there are logs to do the |
| 1714 | // simulation and analysis. |
| 1715 | mConsecutiveTimeoutCount = 0; |
| 1716 | } |
| 1717 | } |
| 1718 | |
| 1719 | private boolean isDataStallSuspected(int timeoutCountThreshold, int validTime) { |
| 1720 | if (timeoutCountThreshold <= 0) { |
| 1721 | Log.wtf(TAG, "Timeout count threshold should be larger than 0."); |
| 1722 | return false; |
| 1723 | } |
| 1724 | |
| 1725 | // Check if the consecutive timeout count reach the threshold or not. |
| 1726 | if (mConsecutiveTimeoutCount < timeoutCountThreshold) { |
| 1727 | return false; |
| 1728 | } |
| 1729 | |
| 1730 | // Check if the target dns event index is valid or not. |
| 1731 | final int firstConsecutiveTimeoutIndex = |
| 1732 | mResultIndices.indexOf(mResultIndices.size() - timeoutCountThreshold); |
| 1733 | |
| 1734 | // If the dns timeout events happened long time ago, the events are meaningless for |
| 1735 | // data stall evaluation. Thus, check if the first consecutive timeout dns event |
| 1736 | // considered in the evaluation happened in defined threshold time. |
| 1737 | final long now = SystemClock.elapsedRealtime(); |
| 1738 | final long firstTimeoutTime = now - mDnsEvents[firstConsecutiveTimeoutIndex].mTimeStamp; |
| 1739 | return (firstTimeoutTime < validTime); |
| 1740 | } |
| 1741 | |
| 1742 | int getConsecutiveTimeoutCount() { |
| 1743 | return mConsecutiveTimeoutCount; |
| 1744 | } |
| 1745 | } |
| 1746 | |
| 1747 | private static class DnsResult { |
| 1748 | // TODO: Need to move the DNS return code definition to a specific class once unify DNS |
| 1749 | // response code is done. |
| 1750 | private static final int RETURN_CODE_DNS_TIMEOUT = 255; |
| 1751 | |
| 1752 | private final long mTimeStamp; |
| 1753 | private final int mReturnCode; |
| 1754 | |
| 1755 | DnsResult(int code) { |
| 1756 | mTimeStamp = SystemClock.elapsedRealtime(); |
| 1757 | mReturnCode = code; |
| 1758 | } |
| 1759 | |
| 1760 | private boolean isTimeout() { |
| 1761 | return mReturnCode == RETURN_CODE_DNS_TIMEOUT; |
| 1762 | } |
| 1763 | } |
| 1764 | |
| 1765 | |
| 1766 | @VisibleForTesting |
| 1767 | protected DnsStallDetector getDnsStallDetector() { |
| 1768 | return mDnsStallDetector; |
| 1769 | } |
| 1770 | |
| 1771 | private boolean dataStallEvaluateTypeEnabled(int type) { |
| 1772 | return (mDataStallEvaluationType & (1 << type)) != 0; |
| 1773 | } |
| 1774 | |
| 1775 | @VisibleForTesting |
| 1776 | protected long getLastProbeTime() { |
| 1777 | return mLastProbeTime; |
| 1778 | } |
| 1779 | |
| 1780 | @VisibleForTesting |
| 1781 | protected boolean isDataStall() { |
| 1782 | boolean result = false; |
| 1783 | // Reevaluation will generate traffic. Thus, set a minimal reevaluation timer to limit the |
| 1784 | // possible traffic cost in metered network. |
Remi NGUYEN VAN | a0983f7 | 2019-01-20 16:50:42 +0900 | [diff] [blame] | 1785 | if (!mNetworkCapabilities.hasCapability(NET_CAPABILITY_NOT_METERED) |
Remi NGUYEN VAN | 5daa370 | 2018-12-27 16:43:56 +0900 | [diff] [blame] | 1786 | && (SystemClock.elapsedRealtime() - getLastProbeTime() |
| 1787 | < mDataStallMinEvaluateTime)) { |
| 1788 | return false; |
| 1789 | } |
| 1790 | |
| 1791 | // Check dns signal. Suspect it may be a data stall if both : |
| 1792 | // 1. The number of consecutive DNS query timeouts > mConsecutiveDnsTimeoutThreshold. |
| 1793 | // 2. Those consecutive DNS queries happened in the last mValidDataStallDnsTimeThreshold ms. |
| 1794 | if (dataStallEvaluateTypeEnabled(DATA_STALL_EVALUATION_TYPE_DNS)) { |
| 1795 | if (mDnsStallDetector.isDataStallSuspected(mConsecutiveDnsTimeoutThreshold, |
| 1796 | mDataStallValidDnsTimeThreshold)) { |
| 1797 | result = true; |
| 1798 | logNetworkEvent(NetworkEvent.NETWORK_CONSECUTIVE_DNS_TIMEOUT_FOUND); |
| 1799 | } |
| 1800 | } |
| 1801 | |
| 1802 | if (VDBG_STALL) { |
| 1803 | log("isDataStall: result=" + result + ", consecutive dns timeout count=" |
| 1804 | + mDnsStallDetector.getConsecutiveTimeoutCount()); |
| 1805 | } |
| 1806 | |
| 1807 | return result; |
| 1808 | } |
| 1809 | } |