From 2386291f56006975da3c370c980dc6b24421c346 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti
Date: Fri, 28 Sep 2018 11:31:55 +0900
Subject: [PATCH] Make requestRouteToHost a no-op for system callers.

Everything in the system should now be using proper multinetwork APIs instead of this insecure and error-prone API. Make this method do nothing when called by the system. For now, keep the code around for backwards compatibility for apps targeting Android releases before M.

Bug: 25824776
Bug: 25876485
Test: FrameworksNetTests pass
Test: CtsNetTestCasesLegacyApi22 pass
Test: CtsNetTestCasesLegacyPermission22 pass
Test: android.net.cts.ConnectivityManagerTest passes
Change-Id: I9b3557faccccc95c7b954db6a13b853b4c7edea0
---
 core/java/android/net/ConnectivityManager.java | 11 +++--------
 .../com/android/server/ConnectivityService.java | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index f2e9078336..8333b817ad 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -26,7 +26,6 @@ import android.annotation.UnsupportedAppUsage;
 import android.app.PendingIntent;
 import android.content.Context;
 import android.content.Intent;
-import android.content.pm.PackageManager;
 import android.os.Binder;
 import android.os.Build.VERSION_CODES;
 import android.os.Bundle;
@@ -3801,8 +3800,9 @@ public class ConnectivityManager {
 
 private void unsupportedStartingFrom(int version) {
 if (Process.myUid() == Process.SYSTEM_UID) {
- // The getApplicationInfo() call we make below is not supported in system context, and
- // we want to allow the system to use these APIs anyway.
+ // The getApplicationInfo() call we make below is not supported in system context. Let
+ // the call through here, and rely on the fact that ConnectivityService will refuse to
+ // allow the system to use these APIs anyway.
 return;
 }
 
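Review bot: The rewritten comment in unsupportedStartingFrom() claims ConnectivityService "will refuse to allow the system to use these APIs", but the only server-side refusal visible in this patch is the new guard in requestRouteToHostAddress(). The helper still returns early for SYSTEM_UID for whatever version it is given, so any other legacy API routed through it (none are visible here) would pass the client check with no matching server check. I would narrow the comment to what is enforced, e.g. `// Let the call through here; ConnectivityService#requestRouteToHostAddress rejects system callers.` The client compares against `Process.SYSTEM_UID` while the server uses `isSystem(Binder.getCallingUid())`, whose body is not in this patch, so it is worth confirming both sides mean the same set of UIDs. The function body continues outside the hunk.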
@@ -3819,11 +3819,6 @@ public class ConnectivityManager {
 // functions by accessing ConnectivityService directly. However, it should be clear that doing
 // so is unsupported and may break in the future. http://b/22728205
 private void checkLegacyRoutingApiAccess() {
- if (mContext.checkCallingOrSelfPermission("com.android.permission.INJECT_OMADM_SETTINGS")
- == PackageManager.PERMISSION_GRANTED) {
- return;
- }
-
 unsupportedStartingFrom(VERSION_CODES.M);
 }
 
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index e41a09ef67..0ea2052b9f 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1475,6 +1475,20 @@ public class ConnectivityService extends IConnectivityManager.Stub
 }
 };
 
+ /**
+ * Ensures that the system cannot call a particular method.
+ */
+ private boolean disallowedBecauseSystemCaller() {
+ // TODO: start throwing a SecurityException when GnssLocationProvider stops calling
+ // requestRouteToHost.
+ if (isSystem(Binder.getCallingUid())) {
+ log("This method exists only for app backwards compatibility"
+ + " and must not be called by system services.");
+ return true;
+ }
+ return false;
+ }
+
 /**
 * Ensure that a network route exists to deliver traffic to the specified
 * host via the specified network interface.
@@ -1486,6 +1500,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
 */
 @Override
 public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) {
+ if (disallowedBecauseSystemCaller()) {
+ return false;
+ }
 enforceChangePermission();
 if (mProtectedNetworks.contains(networkType)) {
 enforceConnectivityInternalPermission();
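Review bot: The log line in disallowedBecauseSystemCaller() names neither the caller nor the refused method, so the system callers that the TODO wants gone before this becomes a SecurityException cannot be found from logs. Appending the UID to the existing message, e.g. `+ " and must not be called by system services. uid=" + Binder.getCallingUid());`, would make the refusals auditable. The Javadoc also overstates the contract: the helper "ensures" nothing, it only reports, and each caller has to act on the result. I would document that with `@return true if the caller is a system UID and the request must be dropped`.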
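Review bot: In requestRouteToHostAddress() the new early `return false;` gives a system caller the same result as a genuine routing failure, and it runs before enforceChangePermission(), so the refusal is invisible at the call site. Until the TODO's SecurityException lands, the method's Javadoc (only its tail is in this hunk) should state the behaviour, for example `Always returns {@code false} without installing a route when the caller is the system.` A short comment above the guard explaining why it precedes the permission checks (no state is touched, so nothing needs enforcing) would keep a later reorder from turning the no-op into a throw for system callers. The method body continues past the end of the hunk.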