From dd35f2dab05874e8c255bf3927d4bcdd6cf60a5d Mon Sep 17 00:00:00 2001 From: Chalard Jean Date: Wed, 24 Mar 2021 14:31:38 +0900 Subject: [PATCH] [NS04.7] Reinstate a necessary change NS04.5 removed a security that it shouldn't have. Reinstate it. Bug: 167544279 Test: ConnectivityServiceTest Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f Merged-In: If614da813a96d1b50a16fa4be5659e1647d9469d Change-Id: If614da813a96d1b50a16fa4be5659e1647d9469d (cherry-picked from ag/13975118) --- .../com/android/server/ConnectivityService.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index b0a611fce5..c5ad13581c 100644 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -6644,6 +6644,13 @@ public class ConnectivityService extends IConnectivityManager.Stub } } + private boolean isNetworkProviderWithIdRegistered(final int providerId) { + for (final NetworkProviderInfo npi : mNetworkProviderInfos.values()) { + if (npi.providerId == providerId) return true; + } + return false; + } + /** * Register or update a network offer. * @param newOffer The new offer. If the callback member is the same as an existing @@ -6651,6 +6658,13 @@ public class ConnectivityService extends IConnectivityManager.Stub */ private void handleRegisterNetworkOffer(@NonNull final NetworkOffer newOffer) { ensureRunningOnConnectivityServiceThread(); + if (!isNetworkProviderWithIdRegistered(newOffer.providerId)) { + // This may actually happen if a provider updates its score or registers and then + // immediately unregisters. The offer would still be in the handler queue, but the + // provider would have been removed. + if (DBG) log("Received offer from an unregistered provider"); + return; + } final NetworkOfferInfo existingOffer = findNetworkOfferInfoByCallback(newOffer.callback); if (null != existingOffer) {