LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Update permission check for offloadEngine registration" into main

Browse Source
This commit is contained in:
Yuyang Huang
2023-09-05 08:45:39 +00:00
committed by Gerrit Code Review
parent 2be259b9cf 8e6fbc8c1a
commit 65f96123a2
2 changed files with 65 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
service-t/src/com/android/server/NsdService.java
View File

@@ -17,15 +17,18 @@
package com.android.server;
import static android.Manifest.permission.NETWORK_SETTINGS;
import static android.Manifest.permission.NETWORK_STACK;
import static android.net.ConnectivityManager.NETID_UNSET;
import static android.net.NetworkCapabilities.TRANSPORT_VPN;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
import static android.net.nsd.NsdManager.MDNS_DISCOVERY_MANAGER_EVENT;
import static android.net.nsd.NsdManager.MDNS_SERVICE_EVENT;
import static android.net.nsd.NsdManager.RESOLVE_SERVICE_SUCCEEDED;
import static android.provider.DeviceConfig.NAMESPACE_TETHERING;
import static com.android.modules.utils.build.SdkLevel.isAtLeastU;
import static com.android.networkstack.apishim.ConstantsShim.REGISTER_NSD_OFFLOAD_ENGINE;
import static com.android.server.connectivity.mdns.MdnsRecord.MAX_LABEL_LENGTH;
import static com.android.server.connectivity.mdns.util.MdnsUtils.Clock;
@@ -75,6 +78,7 @@ import com.android.internal.util.IndentingPrintWriter;
import com.android.internal.util.State;
import com.android.internal.util.StateMachine;
import com.android.metrics.NetworkNsdReportedMetrics;
import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.CollectionUtils;
import com.android.net.module.util.DeviceConfigUtils;
import com.android.net.module.util.InetAddressUtils;
@@ -2098,9 +2102,7 @@ public class NsdService extends INsdManager.Stub {
public void registerOffloadEngine(String ifaceName, IOffloadEngine cb,
@OffloadEngine.OffloadCapability long offloadCapabilities,
@OffloadEngine.OffloadType long offloadTypes) {
// TODO: Relax the permission because NETWORK_SETTINGS is a signature permission, and
// it may not be possible for all the callers of this API to have it.
PermissionUtils.enforceNetworkStackPermissionOr(mContext, NETWORK_SETTINGS);
checkOffloadEnginePermission(mContext);
Objects.requireNonNull(ifaceName);
Objects.requireNonNull(cb);
mNsdStateMachine.sendMessage(
@@ -2111,13 +2113,31 @@ public class NsdService extends INsdManager.Stub {
@Override
public void unregisterOffloadEngine(IOffloadEngine cb) {
// TODO: Relax the permission because NETWORK_SETTINGS is a signature permission, and
// it may not be possible for all the callers of this API to have it.
PermissionUtils.enforceNetworkStackPermissionOr(mContext, NETWORK_SETTINGS);
checkOffloadEnginePermission(mContext);
Objects.requireNonNull(cb);
mNsdStateMachine.sendMessage(
mNsdStateMachine.obtainMessage(NsdManager.UNREGISTER_OFFLOAD_ENGINE, cb));
}
private static void checkOffloadEnginePermission(Context context) {
if (!SdkLevel.isAtLeastT()) {
throw new SecurityException("API is not available in before API level 33");
}
// REGISTER_NSD_OFFLOAD_ENGINE was only added to the SDK in V, but may
// be back ported to older builds: accept it as long as it's signature-protected
if (PermissionUtils.checkAnyPermissionOf(context, REGISTER_NSD_OFFLOAD_ENGINE)
&& (SdkLevel.isAtLeastV() || PermissionUtils.isSystemSignaturePermission(
context, REGISTER_NSD_OFFLOAD_ENGINE))) {
return;
}
if (PermissionUtils.checkAnyPermissionOf(context, NETWORK_STACK,
PERMISSION_MAINLINE_NETWORK_STACK, NETWORK_SETTINGS)) {
return;
}
throw new SecurityException("Requires one of the following permissions: "
+ String.join(", ", List.of(REGISTER_NSD_OFFLOAD_ENGINE, NETWORK_STACK,
PERMISSION_MAINLINE_NETWORK_STACK, NETWORK_SETTINGS)) + ".");
}
}
private void sendNsdStateChangeBroadcast(boolean isEnabled) {