Merge changes If2201f39,Ia1c366c5
* changes: Stop calling Vpn#updateCapabilities in CS. Stop accessing VPNs in checkConnectivityDiagnosticsPermissions.
This commit is contained in:
Lorenzo Colitti
@@ -4821,15 +4821,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void updateVpnCapabilities(Vpn vpn, @Nullable NetworkCapabilities nc) {
|
|
||||||
ensureRunningOnConnectivityServiceThread();
|
|
||||||
NetworkAgentInfo vpnNai = getNetworkAgentInfoForNetId(vpn.getNetId());
|
|
||||||
if (vpnNai == null || nc == null) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
updateCapabilities(vpnNai.getCurrentScore(), vpnNai, nc);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean updateLockdownVpn() {
|
public boolean updateLockdownVpn() {
|
||||||
if (Binder.getCallingUid() != Process.SYSTEM_UID) {
|
if (Binder.getCallingUid() != Process.SYSTEM_UID) {
|
||||||
@@ -5169,28 +5160,22 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
|
|
||||||
private void onUserAdded(int userId) {
|
private void onUserAdded(int userId) {
|
||||||
mPermissionMonitor.onUserAdded(userId);
|
mPermissionMonitor.onUserAdded(userId);
|
||||||
Network defaultNetwork = getNetwork(getDefaultNetwork());
|
|
||||||
synchronized (mVpns) {
|
synchronized (mVpns) {
|
||||||
final int vpnsSize = mVpns.size();
|
final int vpnsSize = mVpns.size();
|
||||||
for (int i = 0; i < vpnsSize; i++) {
|
for (int i = 0; i < vpnsSize; i++) {
|
||||||
Vpn vpn = mVpns.valueAt(i);
|
Vpn vpn = mVpns.valueAt(i);
|
||||||
vpn.onUserAdded(userId);
|
vpn.onUserAdded(userId);
|
||||||
NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork);
|
|
||||||
updateVpnCapabilities(vpn, nc);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void onUserRemoved(int userId) {
|
private void onUserRemoved(int userId) {
|
||||||
mPermissionMonitor.onUserRemoved(userId);
|
mPermissionMonitor.onUserRemoved(userId);
|
||||||
Network defaultNetwork = getNetwork(getDefaultNetwork());
|
|
||||||
synchronized (mVpns) {
|
synchronized (mVpns) {
|
||||||
final int vpnsSize = mVpns.size();
|
final int vpnsSize = mVpns.size();
|
||||||
for (int i = 0; i < vpnsSize; i++) {
|
for (int i = 0; i < vpnsSize; i++) {
|
||||||
Vpn vpn = mVpns.valueAt(i);
|
Vpn vpn = mVpns.valueAt(i);
|
||||||
vpn.onUserRemoved(userId);
|
vpn.onUserRemoved(userId);
|
||||||
NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork);
|
|
||||||
updateVpnCapabilities(vpn, nc);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -8276,13 +8261,12 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
final Network[] underlyingNetworks;
|
for (NetworkAgentInfo virtual : mNetworkAgentInfos.values()) {
|
||||||
synchronized (mVpns) {
|
if (virtual.supportsUnderlyingNetworks()
|
||||||
final Vpn vpn = getVpnIfOwner(callbackUid);
|
&& virtual.networkCapabilities.getOwnerUid() == callbackUid
|
||||||
underlyingNetworks = (vpn == null) ? null : vpn.getUnderlyingNetworks();
|
&& ArrayUtils.contains(virtual.declaredUnderlyingNetworks, nai.network)) {
|
||||||
}
|
return true;
|
||||||
if (underlyingNetworks != null) {
|
}
|
||||||
if (Arrays.asList(underlyingNetworks).contains(nai.network)) return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Administrator UIDs also contains the Owner UID
|
// Administrator UIDs also contains the Owner UID
|
||||||
|
|||||||
@@ -1058,7 +1058,9 @@ public class ConnectivityServiceTest {
|
|||||||
|
|
||||||
public void setUids(Set<UidRange> uids) {
|
public void setUids(Set<UidRange> uids) {
|
||||||
mNetworkCapabilities.setUids(uids);
|
mNetworkCapabilities.setUids(uids);
|
||||||
updateCapabilitiesInternal(null /* defaultNetwork */, true);
|
if (mAgentRegistered) {
|
||||||
|
mMockNetworkAgent.setNetworkCapabilities(mNetworkCapabilities, true);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setVpnType(int vpnType) {
|
public void setVpnType(int vpnType) {
|
||||||
@@ -1147,28 +1149,6 @@ public class ConnectivityServiceTest {
|
|||||||
mMockNetworkAgent.sendLinkProperties(lp);
|
mMockNetworkAgent.sendLinkProperties(lp);
|
||||||
}
|
}
|
||||||
|
|
||||||
private NetworkCapabilities updateCapabilitiesInternal(Network defaultNetwork,
|
|
||||||
boolean sendToConnectivityService) {
|
|
||||||
if (!mAgentRegistered) return null;
|
|
||||||
super.updateCapabilities(defaultNetwork);
|
|
||||||
// Because super.updateCapabilities will update the capabilities of the agent but
|
|
||||||
// not the mock agent, the mock agent needs to know about them.
|
|
||||||
copyCapabilitiesToNetworkAgent(sendToConnectivityService);
|
|
||||||
return new NetworkCapabilities(mNetworkCapabilities);
|
|
||||||
}
|
|
||||||
|
|
||||||
private void copyCapabilitiesToNetworkAgent(boolean sendToConnectivityService) {
|
|
||||||
if (null != mMockNetworkAgent) {
|
|
||||||
mMockNetworkAgent.setNetworkCapabilities(mNetworkCapabilities,
|
|
||||||
sendToConnectivityService);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public NetworkCapabilities updateCapabilities(Network defaultNetwork) {
|
|
||||||
return updateCapabilitiesInternal(defaultNetwork, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
public void disconnect() {
|
public void disconnect() {
|
||||||
if (mMockNetworkAgent != null) mMockNetworkAgent.disconnect();
|
if (mMockNetworkAgent != null) mMockNetworkAgent.disconnect();
|
||||||
mAgentRegistered = false;
|
mAgentRegistered = false;
|
||||||
@@ -7442,20 +7422,14 @@ public class ConnectivityServiceTest {
|
|||||||
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
|
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
|
||||||
Manifest.permission.ACCESS_FINE_LOCATION);
|
Manifest.permission.ACCESS_FINE_LOCATION);
|
||||||
|
|
||||||
// setUp() calls mockVpn() which adds a VPN with the Test Runner's uid. Configure it to be
|
|
||||||
// active
|
|
||||||
final VpnInfo info = new VpnInfo();
|
|
||||||
info.ownerUid = Process.myUid();
|
|
||||||
info.vpnIface = VPN_IFNAME;
|
|
||||||
mMockVpn.setVpnInfo(info);
|
|
||||||
|
|
||||||
mMockVpn.establishForMyUid();
|
mMockVpn.establishForMyUid();
|
||||||
waitForIdle();
|
|
||||||
|
|
||||||
|
// Wait for networks to connect and broadcasts to be sent before removing permissions.
|
||||||
|
waitForIdle();
|
||||||
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
|
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
|
||||||
|
|
||||||
|
|
||||||
assertTrue(mService.setUnderlyingNetworksForVpn(new Network[] {network}));
|
assertTrue(mService.setUnderlyingNetworksForVpn(new Network[] {network}));
|
||||||
|
waitForIdle();
|
||||||
assertTrue(
|
assertTrue(
|
||||||
"Active VPN permission not applied",
|
"Active VPN permission not applied",
|
||||||
mService.checkConnectivityDiagnosticsPermissions(
|
mService.checkConnectivityDiagnosticsPermissions(
|
||||||
@@ -7463,6 +7437,7 @@ public class ConnectivityServiceTest {
|
|||||||
mContext.getOpPackageName()));
|
mContext.getOpPackageName()));
|
||||||
|
|
||||||
assertTrue(mService.setUnderlyingNetworksForVpn(null));
|
assertTrue(mService.setUnderlyingNetworksForVpn(null));
|
||||||
|
waitForIdle();
|
||||||
assertFalse(
|
assertFalse(
|
||||||
"VPN shouldn't receive callback on non-underlying network",
|
"VPN shouldn't receive callback on non-underlying network",
|
||||||
mService.checkConnectivityDiagnosticsPermissions(
|
mService.checkConnectivityDiagnosticsPermissions(
|
||||||
|
|||||||
Reference in New Issue
Block a user