Merge changes Ife5e91de,I46c5dfeb
* changes: Change the sanitizeCaps signature in preparation for moving Clarify sanitization of caps from NetworkAgent
This commit is contained in:
Paul Hu
@@ -3604,11 +3604,12 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
|
||||
switch (msg.what) {
|
||||
case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: {
|
||||
final NetworkCapabilities networkCapabilities = new NetworkCapabilities(
|
||||
(NetworkCapabilities) arg.second);
|
||||
maybeUpdateWifiRoamTimestamp(nai, networkCapabilities);
|
||||
processCapabilitiesFromAgent(nai, networkCapabilities);
|
||||
updateCapabilities(nai.getCurrentScore(), nai, networkCapabilities);
|
||||
nai.declaredCapabilitiesUnsanitized =
|
||||
new NetworkCapabilities((NetworkCapabilities) arg.second);
|
||||
final NetworkCapabilities sanitized = sanitizedCapabilitiesFromAgent(
|
||||
mCarrierPrivilegeAuthenticator, nai);
|
||||
maybeUpdateWifiRoamTimestamp(nai, sanitized);
|
||||
updateCapabilities(nai.getCurrentScore(), nai, sanitized);
|
||||
break;
|
||||
}
|
||||
case NetworkAgent.EVENT_NETWORK_PROPERTIES_CHANGED: {
|
||||
@@ -7323,11 +7324,14 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
if (VDBG) log("Network Monitor created for " + nai);
|
||||
// nai.nc and nai.lp are the same object that was passed by the network agent if the agent
|
||||
// lives in the same process as this code (e.g. wifi), so make sure this code doesn't
|
||||
// mutate their object
|
||||
final NetworkCapabilities nc = new NetworkCapabilities(nai.networkCapabilities);
|
||||
// mutate their object. TODO : make this copy much earlier to avoid them mutating it
|
||||
// while the network monitor is starting.
|
||||
final LinkProperties lp = new LinkProperties(nai.linkProperties);
|
||||
// Make sure the LinkProperties and NetworkCapabilities reflect what the agent info says.
|
||||
processCapabilitiesFromAgent(nai, nc);
|
||||
// Store a copy of the declared capabilities.
|
||||
nai.declaredCapabilitiesUnsanitized = new NetworkCapabilities(nai.networkCapabilities);
|
||||
// Make sure the LinkProperties and NetworkCapabilities reflect what the agent info said.
|
||||
final NetworkCapabilities nc =
|
||||
sanitizedCapabilitiesFromAgent(mCarrierPrivilegeAuthenticator, nai);
|
||||
nai.getAndSetNetworkCapabilities(mixInCapabilities(nai, nc));
|
||||
processLinkPropertiesFromAgent(nai, lp);
|
||||
nai.linkProperties = lp;
|
||||
@@ -7792,28 +7796,35 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
}
|
||||
|
||||
/**
|
||||
* Called when receiving NetworkCapabilities directly from a NetworkAgent.
|
||||
* Stores into |nai| any data coming from the agent that might also be written to the network's
|
||||
* NetworkCapabilities by ConnectivityService itself. This ensures that the data provided by the
|
||||
* agent is not lost when updateCapabilities is called.
|
||||
* Sanitize capabilities coming from a network agent.
|
||||
*
|
||||
* Agents have restrictions on what capabilities they can send to Connectivity. For example,
|
||||
* they can't change the owner UID from what they declared before, and complex restrictions
|
||||
* apply to the accessUids field.
|
||||
* They also should not mutate immutable capabilities, although for backward-compatibility
|
||||
* this is not enforced and limited to just a log.
|
||||
*
|
||||
* This method returns a sanitized copy of the passed capabilities to make sure they don't
|
||||
* contain stuff they should not, and should generally be called by code that accesses
|
||||
* {@link NetworkAgentInfo#declaredCapabilitiesUnsanitized}.
|
||||
*/
|
||||
private void processCapabilitiesFromAgent(NetworkAgentInfo nai, NetworkCapabilities nc) {
|
||||
// TODO : move this to NetworkAgentInfo
|
||||
private NetworkCapabilities sanitizedCapabilitiesFromAgent(
|
||||
final CarrierPrivilegeAuthenticator carrierPrivilegeAuthenticator,
|
||||
@NonNull final NetworkAgentInfo nai) {
|
||||
final NetworkCapabilities nc = new NetworkCapabilities(nai.declaredCapabilitiesUnsanitized);
|
||||
if (nc.hasConnectivityManagedCapability()) {
|
||||
Log.wtf(TAG, "BUG: " + nai + " has CS-managed capability.");
|
||||
}
|
||||
// Note: resetting the owner UID before storing the agent capabilities in NAI means that if
|
||||
// the agent attempts to change the owner UID, then nai.declaredCapabilities will not
|
||||
// actually be the same as the capabilities sent by the agent. Still, it is safer to reset
|
||||
// the owner UID here and behave as if the agent had never tried to change it.
|
||||
if (nai.networkCapabilities.getOwnerUid() != nc.getOwnerUid()) {
|
||||
Log.e(TAG, nai.toShortString() + ": ignoring attempt to change owner from "
|
||||
+ nai.networkCapabilities.getOwnerUid() + " to " + nc.getOwnerUid());
|
||||
nc.setOwnerUid(nai.networkCapabilities.getOwnerUid());
|
||||
}
|
||||
nai.declaredCapabilities = new NetworkCapabilities(nc);
|
||||
NetworkAgentInfo.restrictCapabilitiesFromNetworkAgent(nc, nai.creatorUid,
|
||||
mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE),
|
||||
mCarrierPrivilegeAuthenticator);
|
||||
carrierPrivilegeAuthenticator);
|
||||
return nc;
|
||||
}
|
||||
|
||||
/** Modifies |newNc| based on the capabilities of |underlyingNetworks| and |agentCaps|. */
|
||||
@@ -7940,7 +7951,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
}
|
||||
|
||||
if (nai.propagateUnderlyingCapabilities()) {
|
||||
applyUnderlyingCapabilities(nai.declaredUnderlyingNetworks, nai.declaredCapabilities,
|
||||
applyUnderlyingCapabilities(nai.declaredUnderlyingNetworks,
|
||||
sanitizedCapabilitiesFromAgent(mCarrierPrivilegeAuthenticator, nai),
|
||||
newNc);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user