From 378fd10aa77131c2418150439830bceaef34cff3 Mon Sep 17 00:00:00 2001
From: chiachangwang <chiachangwang@google.com>
Date: Fri, 17 Feb 2023 02:48:47 +0000
Subject: [PATCH] Update design to fix non-protected broadcast from system
 issue

ActivityManager checks if there is any non-protected broadcast
sent from the system to prevent malwares sending the fake intent.
This could be fixed with declaring it as a protected broadcast
which is the current implementation. However, the uid in the
AndroidManifest for tethering is networkstack uid. Though system
only check whether the intent is defined as protected broadcast
or not regardless of where the protected intent is defined, it
is confusing to define the protected intent in tethering
AndroidManifest. Thus, update to alternative way to fulfill
the protection in ActivityManager to declare the required
permission in the broadcast filter and specify the expected
package name of the intent.

Bug: 269383522
Bug: 259000745
Test: atest FrameworksNetTests
Test: manually check no am_wtf log complains sending non-protected
      broadcast from system
Change-Id: I04986aed4fb92f85adcbac8a61665f3f465e2eab
---
 Tethering/AndroidManifest.xml                                | 1 -
 .../server/connectivity/AutomaticOnOffKeepaliveTracker.java  | 5 ++++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Tethering/AndroidManifest.xml b/Tethering/AndroidManifest.xml
index 23467e78d9..6a363b09ab 100644
--- a/Tethering/AndroidManifest.xml
+++ b/Tethering/AndroidManifest.xml
@@ -45,7 +45,6 @@
 
     <!-- Sending non-protected broadcast from system uid is not allowed. -->
     <protected-broadcast android:name="com.android.server.connectivity.tethering.DISABLE_TETHERING" />
-    <protected-broadcast android:name="com.android.server.connectivity.KeepaliveTracker.TCP_POLLING_ALARM" />
 
     <application
         android:process="com.android.networkstack.process"
diff --git a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
index b30f649485..199010d042 100644
--- a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
+++ b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
@@ -16,6 +16,8 @@
 
 package com.android.server.connectivity;
 
+import static android.Manifest.permission.NETWORK_STACK;
+import static android.content.Context.RECEIVER_NOT_EXPORTED;
 import static android.net.NetworkAgent.CMD_START_SOCKET_KEEPALIVE;
 import static android.net.SocketKeepalive.ERROR_INVALID_SOCKET;
 import static android.net.SocketKeepalive.SUCCESS_PAUSED;
@@ -235,6 +237,7 @@ public class AutomaticOnOffKeepaliveTracker {
         private PendingIntent createTcpPollingAlarmIntent(@NonNull Context context,
                 @NonNull IBinder token) {
             final Intent intent = new Intent(ACTION_TCP_POLLING_ALARM);
+            intent.setPackage(context.getPackageName());
             // Intent doesn't expose methods to put extra Binders, but Bundle does.
             final Bundle b = new Bundle();
             b.putBinder(EXTRA_BINDER_TOKEN, token);
@@ -272,7 +275,7 @@ public class AutomaticOnOffKeepaliveTracker {
 
         if (SdkLevel.isAtLeastU()) {
             mContext.registerReceiver(mReceiver, new IntentFilter(ACTION_TCP_POLLING_ALARM),
-                    null, handler);
+                    NETWORK_STACK, handler, RECEIVER_NOT_EXPORTED);
         }
         mAlarmManager = mContext.getSystemService(AlarmManager.class);
     }