From 6617c9be421abd47a51f88b6ccbb56c015c2ffed Mon Sep 17 00:00:00 2001 From: Automerger Merge Worker Date: Wed, 4 Mar 2020 18:04:01 +0000 Subject: [PATCH] Accept MAINLINE_NETWORK_STACK permission on register/unregister network provider Registering/Unregistering network provider needs NETWORK_FACTORY which is signature only permission. But mainline modules can't grant this permission because it's not signed with platform key. Hence, these APIs should also accept MAINLINE_NETWORK_STACK permission that allow mainline module to register/unregister network provider. Bug: 150733435 Test: atest FrameworksNetTests Change-Id: Id22113aa0db01244817b4b008f5573c5e7b317f0 Merged-In: Id22113aa0db01244817b4b008f5573c5e7b317f0 (cherry picked from aosp/1248727) --- .../java/android/net/ConnectivityManager.java | 28 ++++++++++++++----- .../android/server/ConnectivityService.java | 4 +-- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java index fc6954fb48..81735ac8f6 100644 --- a/core/java/android/net/ConnectivityManager.java +++ b/core/java/android/net/ConnectivityManager.java @@ -3222,7 +3222,9 @@ public class ConnectivityManager { /** {@hide} - returns the factory serial number */ @UnsupportedAppUsage - @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY) + @RequiresPermission(anyOf = { + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, + android.Manifest.permission.NETWORK_FACTORY}) public int registerNetworkFactory(Messenger messenger, String name) { try { return mService.registerNetworkFactory(messenger, name); @@ -3233,7 +3235,9 @@ public class ConnectivityManager { /** {@hide} */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023) - @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY) + @RequiresPermission(anyOf = { + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, + android.Manifest.permission.NETWORK_FACTORY}) public void unregisterNetworkFactory(Messenger messenger) { try { mService.unregisterNetworkFactory(messenger); @@ -3253,7 +3257,9 @@ public class ConnectivityManager { * @hide */ @SystemApi - @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY) + @RequiresPermission(anyOf = { + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, + android.Manifest.permission.NETWORK_FACTORY}) public int registerNetworkProvider(@NonNull NetworkProvider provider) { if (provider.getProviderId() != NetworkProvider.ID_NONE) { throw new IllegalStateException("NetworkProviders can only be registered once"); @@ -3276,7 +3282,9 @@ public class ConnectivityManager { * @hide */ @SystemApi - @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY) + @RequiresPermission(anyOf = { + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, + android.Manifest.permission.NETWORK_FACTORY}) public void unregisterNetworkProvider(@NonNull NetworkProvider provider) { try { mService.unregisterNetworkProvider(provider.getMessenger()); @@ -3288,7 +3296,9 @@ public class ConnectivityManager { /** @hide exposed via the NetworkProvider class. */ - @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY) + @RequiresPermission(anyOf = { + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, + android.Manifest.permission.NETWORK_FACTORY}) public void declareNetworkRequestUnfulfillable(@NonNull NetworkRequest request) { try { mService.declareNetworkRequestUnfulfillable(request); @@ -3306,7 +3316,9 @@ public class ConnectivityManager { * Register a NetworkAgent with ConnectivityService. * @return Network corresponding to NetworkAgent. */ - @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY) + @RequiresPermission(anyOf = { + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, + android.Manifest.permission.NETWORK_FACTORY}) public Network registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp, NetworkCapabilities nc, int score, NetworkAgentConfig config) { return registerNetworkAgent(messenger, ni, lp, nc, score, config, NetworkProvider.ID_NONE); @@ -3317,7 +3329,9 @@ public class ConnectivityManager { * Register a NetworkAgent with ConnectivityService. * @return Network corresponding to NetworkAgent. */ - @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY) + @RequiresPermission(anyOf = { + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, + android.Manifest.permission.NETWORK_FACTORY}) public Network registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp, NetworkCapabilities nc, int score, NetworkAgentConfig config, int providerId) { try { diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index 7287a44600..8cb8baf9ac 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -2083,9 +2083,9 @@ public class ConnectivityService extends IConnectivityManager.Stub } private void enforceNetworkFactoryPermission() { - mContext.enforceCallingOrSelfPermission( + enforceAnyPermissionOf( android.Manifest.permission.NETWORK_FACTORY, - "ConnectivityService"); + NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); } private boolean checkSettingsPermission() {