Merge "Gate exemptFromEentitlementCheck by Network_STACK permission"
@@ -17,8 +17,10 @@
|
|||||||
package com.android.networkstack.tethering;
|
package com.android.networkstack.tethering;
|
||||||
|
|
||||||
import static android.Manifest.permission.ACCESS_NETWORK_STATE;
|
import static android.Manifest.permission.ACCESS_NETWORK_STATE;
|
||||||
|
import static android.Manifest.permission.NETWORK_STACK;
|
||||||
import static android.Manifest.permission.TETHER_PRIVILEGED;
|
import static android.Manifest.permission.TETHER_PRIVILEGED;
|
||||||
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
|
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
|
||||||
|
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
|
||||||
import static android.net.TetheringManager.TETHER_ERROR_NO_ACCESS_TETHERING_PERMISSION;
|
import static android.net.TetheringManager.TETHER_ERROR_NO_ACCESS_TETHERING_PERMISSION;
|
||||||
import static android.net.TetheringManager.TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION;
|
import static android.net.TetheringManager.TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION;
|
||||||
import static android.net.TetheringManager.TETHER_ERROR_NO_ERROR;
|
import static android.net.TetheringManager.TETHER_ERROR_NO_ERROR;
|
||||||
@@ -253,15 +255,26 @@ public class TetheringService extends Service {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean hasNetworkStackPermission() {
|
||||||
|
return checkCallingOrSelfPermission(NETWORK_STACK)
|
||||||
|
|| checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK);
|
||||||
|
}
|
||||||
|
|
||||||
private boolean hasTetherPrivilegedPermission() {
|
private boolean hasTetherPrivilegedPermission() {
|
||||||
return mService.checkCallingOrSelfPermission(TETHER_PRIVILEGED) == PERMISSION_GRANTED;
|
return checkCallingOrSelfPermission(TETHER_PRIVILEGED);
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean checkCallingOrSelfPermission(final String permission) {
|
||||||
|
return mService.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean hasTetherChangePermission(final String callerPkg,
|
private boolean hasTetherChangePermission(final String callerPkg,
|
||||||
final String callingAttributionTag, final boolean onlyAllowPrivileged) {
|
final String callingAttributionTag, final boolean onlyAllowPrivileged) {
|
||||||
|
if (onlyAllowPrivileged && !hasNetworkStackPermission()) return false;
|
||||||
|
|
||||||
if (hasTetherPrivilegedPermission()) return true;
|
if (hasTetherPrivilegedPermission()) return true;
|
||||||
|
|
||||||
if (onlyAllowPrivileged || mTethering.isTetherProvisioningRequired()) return false;
|
if (mTethering.isTetherProvisioningRequired()) return false;
|
||||||
|
|
||||||
int uid = Binder.getCallingUid();
|
int uid = Binder.getCallingUid();
|
||||||
|
|
||||||
|
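Review bot: In `hasTetherChangePermission`, the flag `onlyAllowPrivileged` now gates on NETWORK_STACK or PERMISSION_MAINLINE_NETWORK_STACK rather than on TETHER_PRIVILEGED, and nothing in the hunk documents that change of meaning. A caller that passes the new first check but lacks TETHER_PRIVILEGED no longer hits an early `return false`. It continues to `isTetherProvisioningRequired()` and the uid-based path below, which the old `onlyAllowPrivileged ||` short-circuit prevented. If that fall-through is intended, I would say so above the first check, e.g. `// Entitlement exemption requires NETWORK_STACK; such callers then follow the normal permission checks below.`, and consider renaming the parameter. The rest of the method lies outside the hunk, so what the uid path finally checks is not visible here.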
|||||||
@@ -339,7 +339,7 @@ public class EthernetTetheringTest {
|
|||||||
private MyTetheringEventCallback enableEthernetTethering(String iface) throws Exception {
|
private MyTetheringEventCallback enableEthernetTethering(String iface) throws Exception {
|
||||||
return enableEthernetTethering(iface,
|
return enableEthernetTethering(iface,
|
||||||
new TetheringRequest.Builder(TETHERING_ETHERNET)
|
new TetheringRequest.Builder(TETHERING_ETHERNET)
|
||||||
.setExemptFromEntitlementCheck(true).build());
|
.setShouldShowEntitlementUi(false).build());
|
||||||
}
|
}
|
||||||
|
|
||||||
private int getMTU(TestNetworkInterface iface) throws SocketException {
|
private int getMTU(TestNetworkInterface iface) throws SocketException {
|
||||||
@@ -510,7 +510,7 @@ public class EthernetTetheringTest {
|
|||||||
LinkAddress clientAddr = client == null ? null : new LinkAddress(client);
|
LinkAddress clientAddr = client == null ? null : new LinkAddress(client);
|
||||||
return new TetheringRequest.Builder(TETHERING_ETHERNET)
|
return new TetheringRequest.Builder(TETHERING_ETHERNET)
|
||||||
.setStaticIpv4Addresses(localAddr, clientAddr)
|
.setStaticIpv4Addresses(localAddr, clientAddr)
|
||||||
.setExemptFromEntitlementCheck(true).build();
|
.setShouldShowEntitlementUi(false).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertInvalidStaticIpv4Request(String iface, String local, String client)
|
private void assertInvalidStaticIpv4Request(String iface, String local, String client)
|
||||||
|
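Review bot: Both request builders in this file, in `enableEthernetTethering(String)` and in the static-IPv4 builder of the second hunk, swap `setExemptFromEntitlementCheck(true)` for `setShouldShowEntitlementUi(false)` with no comment on why, and the two calls do not look equivalent. The first asks to skip the entitlement check, while the second presumably only suppresses its UI, so these tests may now depend on the device's provisioning configuration; I cannot confirm that from the hunk. A one-line comment such as `// Exemption now needs NETWORK_STACK, which this test does not hold; run the check without UI instead.` would record the reason, if that is indeed it.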
|||||||
@@ -281,22 +281,33 @@ public final class TetheringServiceTest {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
private void runStartTetheringAndVerifyNoPermission(final TestTetheringResult result)
|
||||||
public void testStartTetheringWithExemptFromEntitlementCheck() throws Exception {
|
throws Exception {
|
||||||
final TetheringRequestParcel request = new TetheringRequestParcel();
|
final TetheringRequestParcel request = new TetheringRequestParcel();
|
||||||
request.tetheringType = TETHERING_WIFI;
|
request.tetheringType = TETHERING_WIFI;
|
||||||
request.exemptFromEntitlementCheck = true;
|
request.exemptFromEntitlementCheck = true;
|
||||||
|
|
||||||
runAsTetherPrivileged((result) -> {
|
|
||||||
runStartTethering(result, request);
|
|
||||||
verifyNoMoreInteractionsForTethering();
|
|
||||||
});
|
|
||||||
|
|
||||||
runAsWriteSettings((result) -> {
|
|
||||||
mTetheringConnector.startTethering(request, TEST_CALLER_PKG, TEST_ATTRIBUTION_TAG,
|
mTetheringConnector.startTethering(request, TEST_CALLER_PKG, TEST_ATTRIBUTION_TAG,
|
||||||
result);
|
result);
|
||||||
result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
|
result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
|
||||||
verifyNoMoreInteractionsForTethering();
|
verifyNoMoreInteractionsForTethering();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testFailToBypassEntitlementWithoutNeworkStackPermission() throws Exception {
|
||||||
|
final TetheringRequestParcel request = new TetheringRequestParcel();
|
||||||
|
request.tetheringType = TETHERING_WIFI;
|
||||||
|
request.exemptFromEntitlementCheck = true;
|
||||||
|
|
||||||
|
runAsNoPermission((result) -> {
|
||||||
|
runStartTetheringAndVerifyNoPermission(result);
|
||||||
|
});
|
||||||
|
|
||||||
|
runAsTetherPrivileged((result) -> {
|
||||||
|
runStartTetheringAndVerifyNoPermission(result);
|
||||||
|
});
|
||||||
|
|
||||||
|
runAsWriteSettings((result) -> {
|
||||||
|
runStartTetheringAndVerifyNoPermission(result);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
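Review bot: `testFailToBypassEntitlementWithoutNeworkStackPermission` covers only the deny path. The removed test's successful `runStartTethering` case has no replacement in this hunk, so nothing here checks that a caller holding NETWORK_STACK or PERMISSION_MAINLINE_NETWORK_STACK can still start tethering with `exemptFromEntitlementCheck = true`. A companion test for that allow path would pin the new gate from both sides. The local `request` built at the top of the new test is never used, because `runStartTetheringAndVerifyNoPermission` constructs its own parcel, so those three lines can be dropped. The method name also misspells "Network" as `Nework`.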
|||||||