Accept MAINLINE_NETWORK_STACK permission on register/unregister network provider

Registering/Unregistering network provider needs NETWORK_FACTORY which is signature only permission. But mainline modules can't grant this permission because it's not signed with platform key. Hence, these APIs should also accept MAINLINE_NETWORK_STACK permission that allow mainline module to register/unregister network provider. Bug: 150733435 Test: atest FrameworksNetTests Change-Id: Id22113aa0db01244817b4b008f5573c5e7b317f0 Merged-In: Id22113aa0db01244817b4b008f5573c5e7b317f0 (cherry picked from aosp/1248727)
2020-03-04 18:04:01 +00:00
parent ea7800cb54
commit 6617c9be42
2 changed files with 23 additions and 9 deletions
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -3222,7 +3222,9 @@ public class ConnectivityManager {

    /** {@hide} - returns the factory serial number */
    @UnsupportedAppUsage
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
    public int registerNetworkFactory(Messenger messenger, String name) {
        try {
            return mService.registerNetworkFactory(messenger, name);
@@ -3233,7 +3235,9 @@ public class ConnectivityManager {

    /** {@hide} */
    @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023)
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
    public void unregisterNetworkFactory(Messenger messenger) {
        try {
            mService.unregisterNetworkFactory(messenger);
@@ -3253,7 +3257,9 @@ public class ConnectivityManager {
     * @hide
     */
    @SystemApi
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
    public int registerNetworkProvider(@NonNull NetworkProvider provider) {
        if (provider.getProviderId() != NetworkProvider.ID_NONE) {
            throw new IllegalStateException("NetworkProviders can only be registered once");
@@ -3276,7 +3282,9 @@ public class ConnectivityManager {
     * @hide
     */
    @SystemApi
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
    public void unregisterNetworkProvider(@NonNull NetworkProvider provider) {
        try {
            mService.unregisterNetworkProvider(provider.getMessenger());
@@ -3288,7 +3296,9 @@ public class ConnectivityManager {


    /** @hide exposed via the NetworkProvider class. */
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
    public void declareNetworkRequestUnfulfillable(@NonNull NetworkRequest request) {
        try {
            mService.declareNetworkRequestUnfulfillable(request);
@@ -3306,7 +3316,9 @@ public class ConnectivityManager {
     * Register a NetworkAgent with ConnectivityService.
     * @return Network corresponding to NetworkAgent.
     */
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
    public Network registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp,
            NetworkCapabilities nc, int score, NetworkAgentConfig config) {
        return registerNetworkAgent(messenger, ni, lp, nc, score, config, NetworkProvider.ID_NONE);
@@ -3317,7 +3329,9 @@ public class ConnectivityManager {
     * Register a NetworkAgent with ConnectivityService.
     * @return Network corresponding to NetworkAgent.
     */
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
    public Network registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp,
            NetworkCapabilities nc, int score, NetworkAgentConfig config, int providerId) {
        try {
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -2083,9 +2083,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
    }

    private void enforceNetworkFactoryPermission() {
-        mContext.enforceCallingOrSelfPermission(
+        enforceAnyPermissionOf(
                android.Manifest.permission.NETWORK_FACTORY,
-                "ConnectivityService");
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
    }

    private boolean checkSettingsPermission() {