LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge changes I6eb6d92b,I638e29fd,I2348b7a3

Browse Source 
* changes:
  Add a convenience method to update a network's capabilities.
  Disallow NetworkAgents from changing the owner UID.
  Observe mOwnerUID in NetworkCapabilities#equals.
This commit is contained in:
Lorenzo Colitti
2020-12-10 08:11:52 +00:00
committed by Gerrit Code Review
parent db56932b84 e4d1e526e1
commit 635e43ae1a
3 changed files with 39 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
core/java/android/net/NetworkCapabilities.java
View File

@@ -975,6 +975,10 @@ public final class NetworkCapabilities implements Parcelable {
return mOwnerUid; return mOwnerUid;
} }
private boolean equalsOwnerUid(@NonNull final NetworkCapabilities nc) {
return mOwnerUid == nc.mOwnerUid;
}
/** /**
* UIDs of packages that are administrators of this network, or empty if none. * UIDs of packages that are administrators of this network, or empty if none.
* *
@@ -1684,6 +1688,7 @@ public final class NetworkCapabilities implements Parcelable {
&& equalsTransportInfo(that) && equalsTransportInfo(that)
&& equalsUids(that) && equalsUids(that)
&& equalsSSID(that) && equalsSSID(that)
&& equalsOwnerUid(that)
&& equalsPrivateDnsBroken(that) && equalsPrivateDnsBroken(that)
&& equalsRequestor(that) && equalsRequestor(that)
&& equalsAdministratorUids(that); && equalsAdministratorUids(that);
@@ -1697,17 +1702,18 @@ public final class NetworkCapabilities implements Parcelable {
+ ((int) (mUnwantedNetworkCapabilities >> 32) * 7) + ((int) (mUnwantedNetworkCapabilities >> 32) * 7)
+ ((int) (mTransportTypes & 0xFFFFFFFF) * 11) + ((int) (mTransportTypes & 0xFFFFFFFF) * 11)
+ ((int) (mTransportTypes >> 32) * 13) + ((int) (mTransportTypes >> 32) * 13)
+ (mLinkUpBandwidthKbps * 17) + mLinkUpBandwidthKbps * 17
+ (mLinkDownBandwidthKbps * 19) + mLinkDownBandwidthKbps * 19
+ Objects.hashCode(mNetworkSpecifier) * 23 + Objects.hashCode(mNetworkSpecifier) * 23
+ (mSignalStrength * 29) + mSignalStrength * 29
+ Objects.hashCode(mUids) * 31 + mOwnerUid * 31
+ Objects.hashCode(mSSID) * 37 + Objects.hashCode(mUids) * 37
+ Objects.hashCode(mTransportInfo) * 41 + Objects.hashCode(mSSID) * 41
+ Objects.hashCode(mPrivateDnsBroken) * 43 + Objects.hashCode(mTransportInfo) * 43
+ Objects.hashCode(mRequestorUid) * 47 + Objects.hashCode(mPrivateDnsBroken) * 47
+ Objects.hashCode(mRequestorPackageName) * 53 + Objects.hashCode(mRequestorUid) * 53
+ Arrays.hashCode(mAdministratorUids) * 59; + Objects.hashCode(mRequestorPackageName) * 59
+ Arrays.hashCode(mAdministratorUids) * 61;
} }
@Override @Override

30
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -2831,7 +2831,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
log(nai.toShortString() + " changed underlying networks to " log(nai.toShortString() + " changed underlying networks to "
+ Arrays.toString(nai.declaredUnderlyingNetworks)); + Arrays.toString(nai.declaredUnderlyingNetworks));
} }
updateCapabilities(nai.getCurrentScore(), nai, nai.networkCapabilities); updateCapabilitiesForNetwork(nai);
notifyIfacesChangedForNetworkStats(); notifyIfacesChangedForNetworkStats();
} }
} }
@@ -2855,8 +2855,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
if (probePrivateDnsCompleted) { if (probePrivateDnsCompleted) {
if (nai.networkCapabilities.isPrivateDnsBroken() != privateDnsBroken) { if (nai.networkCapabilities.isPrivateDnsBroken() != privateDnsBroken) {
nai.networkCapabilities.setPrivateDnsBroken(privateDnsBroken); nai.networkCapabilities.setPrivateDnsBroken(privateDnsBroken);
final int oldScore = nai.getCurrentScore(); updateCapabilitiesForNetwork(nai);
updateCapabilities(oldScore, nai, nai.networkCapabilities);
} }
// Only show the notification when the private DNS is broken and the // Only show the notification when the private DNS is broken and the
// PRIVATE_DNS_BROKEN notification hasn't shown since last valid. // PRIVATE_DNS_BROKEN notification hasn't shown since last valid.
@@ -2871,8 +2870,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
// done yet. In either case, the networkCapabilities should be updated to // done yet. In either case, the networkCapabilities should be updated to
// reflect the new status. // reflect the new status.
nai.networkCapabilities.setPrivateDnsBroken(false); nai.networkCapabilities.setPrivateDnsBroken(false);
final int oldScore = nai.getCurrentScore(); updateCapabilitiesForNetwork(nai);
updateCapabilities(oldScore, nai, nai.networkCapabilities);
nai.networkAgentConfig.hasShownBroken = false; nai.networkAgentConfig.hasShownBroken = false;
} }
break; break;
@@ -2893,7 +2891,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
final NetworkAgentInfo nai = getNetworkAgentInfoForNetId(netId); final NetworkAgentInfo nai = getNetworkAgentInfoForNetId(netId);
// If captive portal status has changed, update capabilities or disconnect. // If captive portal status has changed, update capabilities or disconnect.
if (nai != null && (visible != nai.lastCaptivePortalDetected)) { if (nai != null && (visible != nai.lastCaptivePortalDetected)) {
final int oldScore = nai.getCurrentScore();
nai.lastCaptivePortalDetected = visible; nai.lastCaptivePortalDetected = visible;
nai.everCaptivePortalDetected |= visible; nai.everCaptivePortalDetected |= visible;
if (nai.lastCaptivePortalDetected && if (nai.lastCaptivePortalDetected &&
@@ -2904,7 +2901,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
teardownUnneededNetwork(nai); teardownUnneededNetwork(nai);
break; break;
} }
updateCapabilities(oldScore, nai, nai.networkCapabilities); updateCapabilitiesForNetwork(nai);
} }
if (!visible) { if (!visible) {
// Only clear SIGN_IN and NETWORK_SWITCH notifications here, or else other // Only clear SIGN_IN and NETWORK_SWITCH notifications here, or else other
@@ -2988,7 +2985,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
nai.networkAgentConfig.hasShownBroken = false; nai.networkAgentConfig.hasShownBroken = false;
} }
} else if (partialConnectivityChanged) { } else if (partialConnectivityChanged) {
updateCapabilities(nai.getCurrentScore(), nai, nai.networkCapabilities); updateCapabilitiesForNetwork(nai);
} }
updateInetCondition(nai); updateInetCondition(nai);
// Let the NetworkAgent know the state of its network // Let the NetworkAgent know the state of its network
@@ -3656,7 +3653,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
nri.mSatisfier = null; nri.mSatisfier = null;
if (!wasBackgroundNetwork && nai.isBackgroundNetwork()) { if (!wasBackgroundNetwork && nai.isBackgroundNetwork()) {
// Went from foreground to background. // Went from foreground to background.
updateCapabilities(nai.getCurrentScore(), nai, nai.networkCapabilities); updateCapabilitiesForNetwork(nai);
} }
} }
@@ -4820,7 +4817,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
ensureRunningOnConnectivityServiceThread(); ensureRunningOnConnectivityServiceThread();
for (NetworkAgentInfo nai : mNetworkAgentInfos.values()) { for (NetworkAgentInfo nai : mNetworkAgentInfos.values()) {
if (nai.supportsUnderlyingNetworks()) { if (nai.supportsUnderlyingNetworks()) {
updateCapabilities(nai.getCurrentScore(), nai, nai.networkCapabilities); updateCapabilitiesForNetwork(nai);
} }
} }
} }
@@ -6358,6 +6355,11 @@ public class ConnectivityService extends IConnectivityManager.Stub
*/ */
private void processCapabilitiesFromAgent(NetworkAgentInfo nai, NetworkCapabilities nc) { private void processCapabilitiesFromAgent(NetworkAgentInfo nai, NetworkCapabilities nc) {
nai.declaredMetered = !nc.hasCapability(NET_CAPABILITY_NOT_METERED); nai.declaredMetered = !nc.hasCapability(NET_CAPABILITY_NOT_METERED);
if (nai.networkCapabilities.getOwnerUid() != nc.getOwnerUid()) {
Log.e(TAG, nai.toShortString() + ": ignoring attempt to change owner from "
+ nai.networkCapabilities.getOwnerUid() + " to " + nc.getOwnerUid());
nc.setOwnerUid(nai.networkCapabilities.getOwnerUid());
}
} }
/** Modifies |caps| based on the capabilities of the specified underlying networks. */ /** Modifies |caps| based on the capabilities of the specified underlying networks. */
@@ -6571,6 +6573,11 @@ public class ConnectivityService extends IConnectivityManager.Stub
} }
} }
/** Convenience method to update the capabilities for a given network. */
private void updateCapabilitiesForNetwork(NetworkAgentInfo nai) {
updateCapabilities(nai.getCurrentScore(), nai, nai.networkCapabilities);
}
/** /**
* Returns whether VPN isolation (ingress interface filtering) should be applied on the given * Returns whether VPN isolation (ingress interface filtering) should be applied on the given
* network. * network.
@@ -6856,8 +6863,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
teardownUnneededNetwork(oldNetwork); teardownUnneededNetwork(oldNetwork);
} else { } else {
// Put the network in the background. // Put the network in the background.
updateCapabilities(oldNetwork.getCurrentScore(), oldNetwork, updateCapabilitiesForNetwork(oldNetwork);
oldNetwork.networkCapabilities);
} }
} }

30
tests/net/java/com/android/server/ConnectivityServiceTest.java
View File

@@ -1957,7 +1957,7 @@ public class ConnectivityServiceTest {
} }
@Test @Test
public void testOwnerUidChangeBug() throws Exception { public void testOwnerUidCannotChange() throws Exception {
// Owner UIDs are not visible without location permission. // Owner UIDs are not visible without location permission.
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION, setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
Manifest.permission.ACCESS_FINE_LOCATION); Manifest.permission.ACCESS_FINE_LOCATION);
@@ -1972,39 +1972,19 @@ public class ConnectivityServiceTest {
waitForIdle(); waitForIdle();
// Send ConnectivityService an update to the mWiFiNetworkAgent's capabilities that changes // Send ConnectivityService an update to the mWiFiNetworkAgent's capabilities that changes
// its owner UID. // the owner UID and an unrelated capability.
NetworkCapabilities agentCapabilities = mWiFiNetworkAgent.getNetworkCapabilities(); NetworkCapabilities agentCapabilities = mWiFiNetworkAgent.getNetworkCapabilities();
assertEquals(originalOwnerUid, agentCapabilities.getOwnerUid()); assertEquals(originalOwnerUid, agentCapabilities.getOwnerUid());
agentCapabilities.setOwnerUid(42); agentCapabilities.setOwnerUid(42);
mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true);
waitForIdle();
// Check that the owner UID is not updated.
NetworkCapabilities nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork());
assertEquals(originalOwnerUid, nc.getOwnerUid());
// Make an unrelated change to the capabilities.
assertFalse(agentCapabilities.hasCapability(NET_CAPABILITY_NOT_CONGESTED)); assertFalse(agentCapabilities.hasCapability(NET_CAPABILITY_NOT_CONGESTED));
agentCapabilities.addCapability(NET_CAPABILITY_NOT_CONGESTED); agentCapabilities.addCapability(NET_CAPABILITY_NOT_CONGESTED);
mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true); mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true);
waitForIdle(); waitForIdle();
// Check that both the capability change and the owner UID have been modified. // Check that the capability change has been applied but the owner UID is not modified.
// The owner UID is -1 because it is visible only to the UID that owns the network. NetworkCapabilities nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork());
nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork());
assertEquals(-1, nc.getOwnerUid());
assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_CONGESTED));
// Set the owner back to originalOwnerUid, update the capabilities, and check that it is
// visible again.
// TODO: should this even be possible?
agentCapabilities.setOwnerUid(originalOwnerUid);
agentCapabilities.removeCapability(NET_CAPABILITY_NOT_CONGESTED);
mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true);
waitForIdle();
nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork());
assertEquals(originalOwnerUid, nc.getOwnerUid()); assertEquals(originalOwnerUid, nc.getOwnerUid());
assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_CONGESTED));
} }
@Test @Test