Don't mark NetworkRequests restricted when they don't have restricted caps
Requests without NET_CAPABILITIES_INTERNET and just the default network capabilities should not be marked restricted. Without this fix apps can hit permissions exceptions if they inadvertently make requests without NET_CAPABILITIES_INTERNET. Bug:23164917 Change-Id: I4c7136821315bcb05dfc42ffbc505a5d4f6109e6
This commit is contained in:
Paul Jensen
@@ -299,8 +299,12 @@ public final class NetworkCapabilities implements Parcelable {
|
||||
public void maybeMarkCapabilitiesRestricted() {
|
||||
// If all the capabilities are typically provided by restricted networks, conclude that this
|
||||
// network is restricted.
|
||||
if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0)
|
||||
if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0 &&
|
||||
// Must have at least some restricted capabilities, otherwise a request for an
|
||||
// internet-less network will get marked restricted.
|
||||
(mNetworkCapabilities & RESTRICTED_CAPABILITIES) != 0) {
|
||||
removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -943,8 +943,7 @@ public class ConnectivityServiceTest extends AndroidTestCase {
|
||||
if (capability == NET_CAPABILITY_CBS || capability == NET_CAPABILITY_DUN ||
|
||||
capability == NET_CAPABILITY_EIMS || capability == NET_CAPABILITY_FOTA ||
|
||||
capability == NET_CAPABILITY_IA || capability == NET_CAPABILITY_IMS ||
|
||||
capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP ||
|
||||
capability == NET_CAPABILITY_TRUSTED || capability == NET_CAPABILITY_NOT_VPN) {
|
||||
capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP) {
|
||||
assertFalse(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
|
||||
} else {
|
||||
assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
|
||||
|
||||
Reference in New Issue
Block a user